author | Salvatore Bonaccorso <carnil@debian.org> | 2016-06-28 08:34:54 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2016-06-28 08:34:54 +0000 |
commit | 5995bb05fadb43acd248258147490c1c08ae951a | |
tree | 434a620c1e69976405abcdc237a569473d83544a /retired | |
parent | 98bb4c4104a3c0885f9feab828bf5cb178ec1fa1 | |
Retire several CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4499 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
30 files changed, 354 insertions, 0 deletions
diff --git a/retired/CVE-2014-9903 b/retired/CVE-2014-9903 new file mode 100644 index 00000000..07225690 --- /dev/null +++ b/retired/CVE-2014-9903 @@ -0,0 +1,10 @@ +Description: +References: +Notes: Introduced in 3.14-rc1 with d50dde5a10f305253cbc3855307f608f8a3c5f73 +Bugs: +upstream: released (3.14-rc4) [4efbc454ba68def5ef285b26ebfcfdb605b52755] +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnreable code not present" +sid: N/A "Vulnrable code not present" +3.16-jessie-security: N/A "Vulnreable code not present" +3.2-wheezy-security: N/A "Vulnreable code not present" diff --git a/retired/CVE-2015-7515 b/retired/CVE-2015-7515 new file mode 100644 index 00000000..8953a5d4 --- /dev/null +++ b/retired/CVE-2015-7515 @@ -0,0 +1,13 @@ +Description: aiptek: crash on invalid USB device descriptors +References: + - https://bugzilla.redhat.com/show_bug.cgi?id=1285326 + - https://www.spinics.net/lists/linux-input/msg42294.html + - https://os-s.net/advisories/OSS-2016-05_aiptek.pdf +Notes: +Bugs: +upstream: released (4.4-rc6) [8e20cf2bce122ce9262d6034ee5d5b76fbb92f96] +3.16-upstream-stable: released (3.16.7-ckt26) [24b12688c53a46545a723cf084e25afde2ba39f3] +3.2-upstream-stable: released (3.2.79) [input-aiptek-fix-crash-on-detecting-device-without-endpoints.patch] +sid: released (4.4.2-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/input-aiptek-fix-crash-on-detecting-device-without-e.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-0821 b/retired/CVE-2016-0821 new file mode 100644 index 00000000..eea9bfc9 --- /dev/null +++ b/retired/CVE-2016-0821 
@@ -0,0 +1,10 @@ +Description: Too big poison pointer space +References: +Notes: +Bugs: +upstream: released (4.3-rc1) [8a5e5e02fc83aaf67053ab53b359af08c6c49aaf] +3.16-upstream-stable: released (3.16.7-ckt27) +3.2-upstream-stable: released (3.2.79) [include-linux-poison.h-fix-list_poison-1-2-offset.patch] +sid: released (4.3.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/include-linux-poison.h-fix-list_poison-1-2-offset.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-2117 b/retired/CVE-2016-2117 new file mode 100644 index 00000000..656b9804 --- /dev/null +++ b/retired/CVE-2016-2117 @@ -0,0 +1,13 @@ +Description: memory disclosure into ethernet frames due to incorrect driver handling of scatter/gather IO +References: + http://www.openwall.com/lists/oss-security/2016/03/16/7 + https://bugzilla.novell.com/show_bug.cgi?id=968697 + http://mid.gmane.org/0160420222308.GJ3348@decadent.org.uk +Notes: +Bugs: +upstream: released (4.6-rc5) [f43bfaeddc79effbf3d0fcb53ca477cca66f3db8] +3.16-upstream-stable: released (3.16.36) [atl2-disable-unimplemented-scatter-gather-feature.patch] +3.2-upstream-stable: N/A ("scatter/gather cannot be enabled") +sid: released (4.5.2-1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/atl2-disable-unimplemented-scatter-gather-feature.patch] +3.2-wheezy-security: N/A ("scatter/gather cannot be enabled") diff --git a/retired/CVE-2016-2143 b/retired/CVE-2016-2143 new file mode 100644 index 00000000..8ce0b1f1 --- /dev/null +++ b/retired/CVE-2016-2143 
@@ -0,0 +1,11 @@ +Description: s390/mm: page table corruption +References: +Notes: + Introduced since 6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1) +Bugs: +upstream: released (4.5) [3446c13b268af86391d06611327006b059b8bab1] +3.16-upstream-stable: released (3.16.35) [s390-mm-four-page-table-levels-vs.-fork.patch] +3.2-upstream-stable: released (3.2.79) [s390-mm-four-page-table-levels-vs.-fork.patch] +sid: released (4.4.6-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/s390/s390-mm-four-page-table-levels-vs.-fork.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-2184 b/retired/CVE-2016-2184 new file mode 100644 index 00000000..1855fb8b --- /dev/null +++ b/retired/CVE-2016-2184 @@ -0,0 +1,13 @@ +Description: Kernel panic on invalid USB device descriptor (snd_usb_audio driver) +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1317012 + https://bugzilla.redhat.com/show_bug.cgi?id=1283355 + https://bugzilla.redhat.com/show_bug.cgi?id=1283358 +Notes: +Bugs: +upstream: released (4.6-rc1) [0f886ca12765d20124bd06291c82951fd49a33be, 447d6275f0c21f6cc97a88b3a0c601436a4cdf2a] +3.16-upstream-stable: released (3.16.7-ckt27) +3.2-upstream-stable: released (3.2.80) [alsa-usb-audio-fix-null-dereference-in-create_fixed_stream_quirk.patch, alsa-usb-audio-add-sanity-checks-for-endpoint-accesses.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/alsa-usb-audio-fix-null-dereference-in-create_fixed_.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-2185 b/retired/CVE-2016-2185 new file mode 100644 index 00000000..941c4795 --- /dev/null +++ b/retired/CVE-2016-2185 
@@ -0,0 +1,13 @@ +Description: Kernel panic on invalid USB device descriptor (ati_remote2 driver) +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1317014 + https://bugzilla.redhat.com/show_bug.cgi?id=1283362 + https://bugzilla.redhat.com/show_bug.cgi?id=1283363 +Notes: +Bugs: +upstream: released (4.6-rc1) [950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d] +3.16-upstream-stable: released (3.16.7-ckt27) +3.2-upstream-stable: released (3.2.80) [input-ati_remote2-fix-crashes-on-detecting-device-with-invalid.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/input-ati_remote2-fix-crashes-on-detecting-device-wi.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-2186 b/retired/CVE-2016-2186 new file mode 100644 index 00000000..1ca0ce13 --- /dev/null +++ b/retired/CVE-2016-2186 @@ -0,0 +1,13 @@ +Description: Kernel panic on invalid USB device descriptor (powermate driver) +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1317015 + https://bugzilla.redhat.com/show_bug.cgi?id=1283384 + http://marc.info/?l=linux-usb&m=145796479528669&w=2 +Notes: +Bugs: +upstream: released (4.6-rc1) [9c6ba456711687b794dcf285856fc14e2c76074f] +3.16-upstream-stable: released (3.16.7-ckt27) +3.2-upstream-stable: released (3.2.80) [input-powermate-fix-oops-with-malicious-usb-descriptors.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/input-powermate-fix-oops-with-malicious-usb-descript.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-2187 b/retired/CVE-2016-2187 new file mode 100644 index 00000000..8e276efd --- /dev/null +++ b/retired/CVE-2016-2187 
@@ -0,0 +1,11 @@ +Description: Kernel panic on invalid USB device descriptor (gtco driver) +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1317017 +Notes: +Bugs: +upstream: released (4.6-rc5) [162f98dea487206d9ab79fc12ed64700667a894d] +3.16-upstream-stable: released (3.16.36) [input-gtco-fix-crash-on-detecting-device-without-endpoints.patch] +3.2-upstream-stable: released (3.2.81) [input-gtco-fix-crash-on-detecting-device-without-endpoints.patch] +sid: released (4.5.2-1) [bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/input-gtco-fix-crash-on-detecting-device-without-end.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3070 b/retired/CVE-2016-3070 new file mode 100644 index 00000000..bb919933 --- /dev/null +++ b/retired/CVE-2016-3070 @@ -0,0 +1,14 @@ +Description: Null pointer dereference in trace_writeback_dirty_page() +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1306851 (not yet public) +Notes: + bwh> Problematic call sequence removed by upstream commit appears to be: + bwh> migrate_page_copy() -> __set_page_dirty_nobuffers() + bwh> -> account_page_dirtied() -> trace_writeback_dirty_page() +Bugs: +upstream: released (4.4-rc1) [42cb14b110a5698ccf26ce59c4441722605a3743] +3.16-upstream-stable: released (3.16.36) [mm-migrate-dirty-page-without-clear_page_dirty_for_io-etc.patch] +3.2-upstream-stable: N/A ("Vulnerable code not present") +sid: released (4.4.2-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/mm-migrate-dirty-page-without-clear_page_dirty_for_io-etc.patch] +3.2-wheezy-security: N/A ("Vulnerable code not present") diff --git a/retired/CVE-2016-3134 b/retired/CVE-2016-3134 new file mode 100644 index 00000000..381ac247 --- /dev/null +++ b/retired/CVE-2016-3134 
@@ -0,0 +1,19 @@ +Description: netfilter IPT_SO_SET_REPLACE memory corruption +References: + https://code.google.com/p/google-security-research/issues/detail?id=758 + https://patchwork.ozlabs.org/patch/595575/ + https://patchwork.ozlabs.org/patch/599721/ + http://marc.info/?l=netfilter-devel&m=145757134822741&w=2 + https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=bdf533de6968e9686df777dc178486f600c6e617 + https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 +Notes: + carnil> Can be triggered by an unprivileged user on PF_INET sockets when + carnil> unprivileged user namespaces are available (CONFIG_USER_NS=y) + bwh> The upstream fixes (in davem/net.git) are the last two listed above +Bugs: +upstream: released (4.6-rc2) [bdf533de6968e9686df777dc178486f600c6e617, 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91] +3.16-upstream-stable: released (3.16.35) [netfilter-x_tables-validate-e-target_offset-early.patch, netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch] +3.2-upstream-stable: released (3.2.80) [netfilter-x_tables-validate-e-target_offset-early.patch, netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch] +sid: released (4.5.1-1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-re.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3136 b/retired/CVE-2016-3136 new file mode 100644 index 00000000..3fbe04e9 --- /dev/null +++ b/retired/CVE-2016-3136 
@@ -0,0 +1,12 @@ +Description: crash on invalid USB device descriptors (mct_u232 driver) +References: + http://seclists.org/bugtraq/2016/Mar/57 + https://bugzilla.redhat.com/show_bug.cgi?id=1283370 +Notes: +Bugs: +upstream: released (4.6-rc3) [4e9a0b05257f29cf4b75f3209243ed71614d062e] +3.16-upstream-stable: released (3.16.35) [usb-mct_u232-add-sanity-checking-in-probe.patch] +3.2-upstream-stable: released (3.2.80) [usb-mct_u232-add-sanity-checking-in-probe.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/usb-mct_u232-add-sanity-checking-in-probe.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3137 b/retired/CVE-2016-3137 new file mode 100644 index 00000000..4f63ceed --- /dev/null +++ b/retired/CVE-2016-3137 @@ -0,0 +1,12 @@ +Description: crash on invalid USB device descriptors (cypress_m8 driver) +References: + http://seclists.org/bugtraq/2016/Mar/55 + https://bugzilla.redhat.com/show_bug.cgi?id=1283368 +Notes: +Bugs: +upstream: released (4.6-rc3) [c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754] +3.16-upstream-stable: released (3.16.35) [usb-cypress_m8-add-endpoint-sanity-check.patch] +3.2-upstream-stable: released (3.2.80) [usb-cypress_m8-add-endpoint-sanity-check.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/usb-cypress_m8-add-endpoint-sanity-check.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3138 b/retired/CVE-2016-3138 new file mode 100644 index 00000000..2aafc05c --- /dev/null +++ b/retired/CVE-2016-3138 
@@ -0,0 +1,12 @@ +Description: crash on invalid USB device descriptors (cdc_acm driver) +References: + http://seclists.org/bugtraq/2016/Mar/54 + https://bugzilla.redhat.com/show_bug.cgi?id=1283366 +Notes: +Bugs: +upstream: released (4.6-rc1) [8835ba4a39cf53f705417b3b3a94eb067673f2c9] +3.16-upstream-stable: released (3.16.7-ckt27) +3.2-upstream-stable: released (3.2.80) [usb-cdc-acm-more-sanity-checking.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/usb-cdc-acm-more-sanity-checking.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3140 b/retired/CVE-2016-3140 new file mode 100644 index 00000000..a5b99550 --- /dev/null +++ b/retired/CVE-2016-3140 @@ -0,0 +1,13 @@ +Description: crash on invalid USB device descriptors (digi_acceleport driver) +References: + http://seclists.org/bugtraq/2016/Mar/61 + https://bugzilla.redhat.com/show_bug.cgi?id=1283378 +Notes: + Proposed patch: http://marc.info/?l=linux-usb&m=145796765030590&w=2 +Bugs: +upstream: released (4.6-rc3) [5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f] +3.16-upstream-stable: released (3.16.35) [usb-digi_acceleport-do-sanity-checking-for-the-number-of-ports.patch] +3.2-upstream-stable: released (3.2.80) [usb-digi_acceleport-do-sanity-checking-for-the-number-of-ports.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/usb-digi_acceleport-do-sanity-checking-for-the-numbe.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3156 b/retired/CVE-2016-3156 new file mode 100644 index 00000000..f01d0780 --- /dev/null +++ b/retired/CVE-2016-3156 
@@ -0,0 +1,10 @@ +Description: ipv4: Don't do expensive useless work during inetdev destroy +References: +Notes: +Bugs: +upstream: released (4.6-rc1) [fbd40ea0180a2d328c5adc61414dc8bab9335ce2] +3.16-upstream-stable: released (3.16.7-ckt27) +3.2-upstream-stable: N/A "Not a security issue since containers are not supported" +sid: released (4.5.1-1) [bugfix/all/ipv4-don-t-do-expensive-useless-work-during-inetdev-.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/ipv4-don-t-do-expensive-useless-work-during-inetdev-.patch] +3.2-wheezy-security: N/A "Not a security issue since containers are not supported" diff --git a/retired/CVE-2016-3157 b/retired/CVE-2016-3157 new file mode 100644 index 00000000..fe57309a --- /dev/null +++ b/retired/CVE-2016-3157 @@ -0,0 +1,11 @@ +Description: I/O port access privilege escalation in x86-64 Linux under Xen +References: + http://xenbits.xen.org/xsa/advisory-171.html +Notes: +Bugs: +upstream: released (4.6-rc1) [b7a584598aea7ca73140cb87b40319944dd3393f] +3.16-upstream-stable: released (3.16.7-ckt27) +3.2-upstream-stable: released (3.2.80) [x86-iopl-64-properly-context-switch-iopl-on-xen-pv.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/x86/x86-iopl-64-properly-context-switch-iopl-on-xen-pv.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3672 b/retired/CVE-2016-3672 new file mode 100644 index 00000000..b9a143c8 --- /dev/null +++ b/retired/CVE-2016-3672 
@@ -0,0 +1,14 @@ +Description: Unlimiting the stack disables ASLR on i386 +References: + http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html +Notes: + bwh> This problem has been known for a long time; I don't know why it got + bwh> a 2016 CVE ID. There is some risk of regression so we should + bwh> probably wait a while before backporting. +Bugs: +upstream: released (4.6-rc1) [8b8addf891de8a00e4d39fc32f93f7c5eb8feceb] +3.16-upstream-stable: released (3.16.35) [x86-standardize-mmap_rnd-usage.patch, x86-mm-32-enable-full-randomization-on-i386-and-x86_32.patch] +3.2-upstream-stable: released (3.2.80) [x86-standardize-mmap_rnd-usage.patch, x86-mm-32-enable-full-randomization-on-i386-and-x86_32.patch] +sid: released (4.5.1-1) [bugfix/all/x86-mm-32-enable-full-randomization-on-i386-and-x86_.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/x86/x86-standardize-mmap_rnd-usage.patch, bugfix/x86/x86-mm-32-enable-full-randomization-on-i386-and-x86_32.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3951 b/retired/CVE-2016-3951 new file mode 100644 index 00000000..b57c75b6 --- /dev/null +++ b/retired/CVE-2016-3951 @@ -0,0 +1,11 @@ +Description: usbnet: memory corruption triggered by invalid USB descriptor +References: +Notes: + bwh> First part was included in 3.16.7-ckt26 and doesn't seem to be needed for 3.2 +Bugs: +upstream: released (4.5) [4d06dd537f95683aba3651098ae288b7cbff8274, 1666984c8625b3db19a9abc298931d35ab7bc64b] +3.16-upstream-stable: released (3.16.35) [usbnet-cleanup-after-bind-in-probe.patch] +3.2-upstream-stable: released (3.2.80) [usbnet-cleanup-after-bind-in-probe.patch] +sid: released (4.5.1-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/cdc_ncm-do-not-call-usbnet_link_change-from-cdc_ncm_.patch, bugfix/all/usbnet-cleanup-after-bind-in-probe.patch] +3.2-wheezy-security: released (3.2.81-1) 
diff --git a/retired/CVE-2016-3955 b/retired/CVE-2016-3955 new file mode 100644 index 00000000..697d1dda --- /dev/null +++ b/retired/CVE-2016-3955 @@ -0,0 +1,10 @@ +Description: remote buffer overflow in usbip +References: +Notes: +Bugs: +upstream: released (4.6-rc3) [b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb] +3.16-upstream-stable: released (3.16.35) [usb-usbip-fix-potential-out-of-bounds-write.patch] +3.2-upstream-stable: released (3.2.80) [usb-usbip-fix-potential-out-of-bounds-write.patch] +sid: released (4.5.2-1) [bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/USB-usbip-fix-potential-out-of-bounds-write.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-3961 b/retired/CVE-2016-3961 new file mode 100644 index 00000000..526844f4 --- /dev/null +++ b/retired/CVE-2016-3961 
@@ -0,0 +1,11 @@ +Description: XSA-174: hugetlbfs use may crash PV Linux guests +References: + http://xenbits.xen.org/xsa/advisory-174.html +Notes: +Bugs: +upstream: released (4.6-rc5) [103f6112f253017d7062cd74d17f4a514ed4485c] +3.16-upstream-stable: released (3.16.36) [mm-hugetlb-allow-hugepages_supported-to-be-architecture-specific.patch, x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch] +3.2-upstream-stable: released (3.2.81) [hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, mm-hugetlb-allow-hugepages_supported-to-be-architecture-specific.patch, x86-mm-xen-suppress-hugetlbfs-in-pv-guests.patch] +sid: released (4.5.2-1) [bugfix/x86/x86-xen-suppress-hugetlbfs-in-PV-guests.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch] +3.2-wheezy-security: released (3.2.81-1) [bugfix/all/hugetlb-ensure-hugepage-access-is-denied-if-hugepages-are-not.patch, bugfix/all/mm-hugetlb-allow-hugepages_supported-to-be-architect.patch, bugfix/x86/x86-mm-xen-Suppress-hugetlbfs-in-PV-guests.patch] diff --git a/retired/CVE-2016-4485 b/retired/CVE-2016-4485 new file mode 100644 index 00000000..4a3c007c --- /dev/null +++ b/retired/CVE-2016-4485 @@ -0,0 +1,10 @@ +Description: information leak vulnerability in llc module +References: +Notes: +Bugs: +upstream: released (4.6) [b8670c09f37bdf2847cc44f36511a53afc6161fd] +3.16-upstream-stable: released (3.16.36) [net-fix-infoleak-in-llc.patch] +3.2-upstream-stable: released (3.2.81) [net-fix-infoleak-in-llc.patch] +sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-llc.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/net-fix-infoleak-in-llc.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-4486 b/retired/CVE-2016-4486 new file mode 100644 index 00000000..61f9dc5a --- /dev/null +++ b/retired/CVE-2016-4486 
@@ -0,0 +1,10 @@ +Description: information leak vulnerability in rtnetlink +References: +Notes: +Bugs: +upstream: released (4.6) [5f8e44741f9f216e33736ea4ec65ca9ac03036e6] +3.16-upstream-stable: released (3.16.36) [net-fix-infoleak-in-rtnetlink.patch] +3.2-upstream-stable: released (3.2.81) [net-fix-infoleak-in-rtnetlink.patch] +sid: released (4.5.4-1) [bugfix/all/net-fix-infoleak-in-rtnetlink.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/net-fix-infoleak-in-rtnetlink.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-4565 b/retired/CVE-2016-4565 new file mode 100644 index 00000000..db8b2261 --- /dev/null +++ b/retired/CVE-2016-4565 @@ -0,0 +1,10 @@ +Description: Privilege escalation through misuse of write() in RDMA APIs +References: +Notes: +Bugs: +upstream: released (4.6-rc6) [e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3] +3.16-upstream-stable: released (3.16.36) [ib-security-restrict-use-of-the-write-interface.patch] +3.2-upstream-stable: released (3.2.81) [ib-security-restrict-use-of-the-write-interface.patch] +sid: released (4.5.3-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/ib-security-restrict-use-of-the-write-interface.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-4580 b/retired/CVE-2016-4580 new file mode 100644 index 00000000..a2963397 --- /dev/null +++ b/retired/CVE-2016-4580 
@@ -0,0 +1,11 @@ +Description: net: fix a kernel infoleak in x25 module +References: +Notes: + For 4.5.x fixed in f7ee286fab0b55bf5908978c94e50d52e627b3ac +Bugs: +upstream: released (4.6) [79e48650320e6fba48369fccf13fd045315b19b8] +3.16-upstream-stable: released (3.16.36) [net-fix-a-kernel-infoleak-in-x25-module.patch] +3.2-upstream-stable: released (3.2.81) [net-fix-a-kernel-infoleak-in-x25-module.patch] +sid: released (4.5.5-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/net-fix-a-kernel-infoleak-in-x25-module.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-4581 b/retired/CVE-2016-4581 new file mode 100644 index 00000000..0b07225e --- /dev/null +++ b/retired/CVE-2016-4581 @@ -0,0 +1,10 @@ +Description: +References: +Notes: +Bugs: +upstream: released (4.6-rc7) [5ec0811d30378ae104f250bfc9b3640242d81e3f] +3.16-upstream-stable: released (3.16.36) [fs-pnode.c-treat-zero-mnt_group_id-s-as-unequal.patch, propogate_mnt-handle-the-first-propogated-copy-being-a-slave.patch] +3.2-upstream-stable: N/A "Vulnerable code introduced with f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 (3.15-rc1)" +sid: released (4.5.4-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/fs-pnode.c-treat-zero-mnt_group_id-s-as-unequal.patch, bugfix/all/propogate_mnt-Handle-the-first-propogated-copy-being.patch] +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2016-4794 b/retired/CVE-2016-4794 new file mode 100644 index 00000000..36afdcbd --- /dev/null +++ b/retired/CVE-2016-4794 
@@ -0,0 +1,16 @@ +Description: Use-after-free in pcpu_extend_area_map, triggered by bpf() +References: + Reproducer: http://www.openwall.com/lists/oss-security/2016/05/12/6 + http://thread.gmane.org/gmane.linux.network/408459/ + http://article.gmane.org/gmane.linux.kernel/2227891 + http://article.gmane.org/gmane.linux.kernel/2227892 +Notes: + bwh> It's not clear whether this is specific to bpf() or an existing bug + bwh> that's now easier to hit (and exploit). +Bugs: +upstream: released (4.7-rc4) [4f996e234dad488e5d9ba0858bc1bae12eff82c3, 6710e594f71ccaad8101bc64321152af7cd9ea28] +3.16-upstream-stable: N/A "Introduced with 1a4d76076cda and 9c824b6a172c in 3.18-rc1" +3.2-upstream-stable: N/A "Introduced with 1a4d76076cda and 9c824b6a172c in 3.18-rc1" +sid: released (4.6.2-2) [bugfix/all/percpu-fix-synchronization-between-chunk-map_extend_.patch, bugfix/all/percpu-fix-synchronization-between-synchronous-map-e.patch] +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2016-4805 b/retired/CVE-2016-4805 new file mode 100644 index 00000000..ea1cb126 --- /dev/null +++ b/retired/CVE-2016-4805 @@ -0,0 +1,10 @@ +Description: use-after-free issue for ppp channel +References: +Notes: For 4.5.x in d1d87a48fa9731247424675f6abc5daba74ec3f8 +Bugs: +upstream: released (4.6-rc1) [1f461dcdd296eecedaffffc6bae2bfa90bd7eb89] +3.16-upstream-stable: released (3.16.35) [6ab3a4331a1de5a20c3dc97f5211d00f1b35ce50] +3.2-upstream-stable: released (3.2.80) [7fda126c5155acc3e61596ce4c5dcf3859e22444] +sid: released (4.5.2-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/ppp-take-reference-on-channels-netns.patch] +3.2-wheezy-security: released (3.2.81-1) diff --git a/retired/CVE-2016-4913 b/retired/CVE-2016-4913 new file mode 100644 index 00000000..0cbc48e5 --- /dev/null +++ b/retired/CVE-2016-4913 
@@ -0,0 +1,10 @@ +Description: information leak in Rock Ridge Extensions to iso9660 +References: +Notes: +Bugs: +upstream: released (4.6) [99d825822eade8d827a1817357cbf3f889a552d6] +3.16-upstream-stable: released (3.16.36) [get_rock_ridge_filename-handle-malformed-nm-entries.patch] +3.2-upstream-stable: released (3.2.81) [get_rock_ridge_filename-handle-malformed-nm-entries.patch] +sid: released (4.5.4-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-nm-entries.patch] +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch] +3.2-wheezy-security: released (3.2.81-1) [bugfix/all/get_rock_ridge_filename-handle-malformed-NM-entries.patch] diff --git a/retired/CVE-2016-partial-SMAP-bypass b/retired/CVE-2016-partial-SMAP-bypass new file mode 100644 index 00000000..487b26b0 --- /dev/null +++ b/retired/CVE-2016-partial-SMAP-bypass @@ -0,0 +1,11 @@ +Description: Partial SMAP bypass on 64-bit Linux kernels +References: + http://www.openwall.com/lists/oss-security/2016/02/26/6 +Notes: +Bugs: +upstream: released (4.5-rc6) [3d44d51bd339766f0178f0cf2e8d048b4a4872aa] +3.16-upstream-stable: released (3.16.7-ckt26) [a39881d103f27702f8057051f59196375b905f6a] +3.2-upstream-stable: N/A "Vulnerable code not present, introduced in 63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1)" +sid: released (4.4.4-1) +3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/x86/x86-entry-compat-add-missing-clac-to-entry_int80_32.patch] +3.2-wheezy-security: N/A "Vulnerable code not present" |
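Review bot: in retired/CVE-2014-9903 the N/A reason on the 3.16-upstream-stable and sid lines does not match the Notes field. Notes says the bug was introduced in 3.14-rc1 and the upstream line says it was fixed in 3.14-rc4, so later branches carry the code with the fix already applied rather than lacking the code; a reason along the lines of "fixed before branch point" would describe that. The reason string is also misspelled on four of the five lines ("Vulnreable" on 3.2-upstream-stable, 3.16-jessie-security and 3.2-wheezy-security, "Vulnrable" on sid), and the Description field is empty; please fill it in before the entry is retired.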
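Review bot: in retired/CVE-2016-2117 the two 3.2 lines write the reason as N/A ("scatter/gather cannot be enabled"), with parentheses, while most entries in this commit use the bare form N/A "..." (retired/CVE-2016-3070 has the same parenthesised variant). Pick one form so that anything parsing these status lines sees a single syntax. The third reference, http://mid.gmane.org/0160420222308.GJ3348@decadent.org.uk, also looks truncated: the message ID starts with 0160420 where a date-style prefix would normally start with the full year. Please check it against the original mail.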
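Review bot: in retired/CVE-2016-3070 the only reference is still annotated "(not yet public)" although every branch is now released or N/A. Before retiring, check whether the Red Hat bug has been opened and drop the annotation if so; if it is still private, a public reference such as the upstream commit discussion would make the entry usable on its own.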
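Review bot: in retired/CVE-2016-3672 the bwh note ending "we should probably wait a while before backporting" is out of date relative to the status lines, which show the fix released in 3.16.35, 3.2.80, jessie-security and wheezy-security. Either add a follow-up note recording that the backport went ahead or remove the recommendation, so that the retired entry does not read as if the backport were still pending. The sid line also lists only one patch, under bugfix/all/, where the jessie line lists two under bugfix/x86/; worth confirming that is intended.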
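Review bot: retired/CVE-2016-4581 is being retired with an empty Description, so the entry gives no indication of what the issue was beyond the patch names. The 3.2-upstream-stable line also puts the introducing commit (f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68, 3.15-rc1) inside the N/A reason, while 3.2-wheezy-security just says "Vulnerable code not present". Moving the introducing commit to the Notes field and using the same short reason on both 3.2 lines would keep it consistent with the other entries.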
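Review bot: in retired/CVE-2016-4794 the N/A reasons on the two upstream-stable lines cite the introducing commits as abbreviated hashes (1a4d76076cda and 9c824b6a172c), whereas the rest of this commit uses full 40-character IDs. Please give the full IDs, preferably in Notes as "Introduced in 3.18-rc1 with ...", and use the same reason text on the upstream-stable and security lines, which currently differ.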
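Review bot: retired/CVE-2016-partial-SMAP-bypass is retired under a placeholder name with no CVE number, and the Notes field is empty. If an ID has been assigned since the entry was created, rename the file before retiring it; if none was assigned, say so in Notes so the entry can still be found and is not mistaken for an unfinished one.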