author | Salvatore Bonaccorso <carnil@debian.org> | 2017-10-12 17:00:07 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-10-12 17:00:07 +0000 |
commit | 5bc06baa77f3a612757d92dc297e19037faea1c9 | |
tree | 451d80b1b2c96827cb0dfd306bfb78c625b933d2 /retired | |
parent | cbc0387469ef88da03c9465b25968225c38eef5b |
Retire several CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5646 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2017-1000251 | 17 |
-rw-r--r-- | retired/CVE-2017-12153 | 16 |
-rw-r--r-- | retired/CVE-2017-12154 | 16 |
-rw-r--r-- | retired/CVE-2017-14156 | 15 |
-rw-r--r-- | retired/CVE-2017-14340 | 15 |
-rw-r--r-- | retired/CVE-2017-14489 | 24 |
6 files changed, 103 insertions, 0 deletions
diff --git a/retired/CVE-2017-1000251 b/retired/CVE-2017-1000251 new file mode 100644 index 00000000..9fee4ad9 --- /dev/null +++ b/retired/CVE-2017-1000251 @@ -0,0 +1,17 @@ +Description: stack buffer overflow flaw in Bluetooth subsystem +References: + https://access.redhat.com/security/vulnerabilities/blueborne + https://www.armis.com/blueborne/ +Notes: + carnil> Initially it was though affected versions are only + carnil> 0e8b207e8a44/v3.3-rc1 but looks it might affect some + carnil> more kernel starting on f2fcfcd67/v2.6.32-rc1. +Bugs: +upstream: released (4.14-rc1) [e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3] +4.9-upstream-stable: released (4.9.50) [6300c8bfafe032187f3cbaa43dbf7d306650c5ed] +3.16-upstream-stable: released (3.16.49) [8a7b081660857a80c3efc463b3da790c4fa0c801] +3.2-upstream-stable: released (3.2.94) [26d624204b5243a0c928bad4bf62560bb63f385d] +sid: released (4.12.13-1) +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch] +3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch] +3.2-wheezy-security: released (3.2.93-1) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch] diff --git a/retired/CVE-2017-12153 b/retired/CVE-2017-12153 new file mode 100644 index 00000000..1443aac0 --- /dev/null +++ b/retired/CVE-2017-12153 
@@ -0,0 +1,16 @@ +Description: null pointer dereference in nl80211_set_rekey_data() +References: + https://marc.info/?t=150525503100001&r=1&w=2 + https://marc.info/?l=linux-wireless&m=150525493517953&w=2 +Notes: + bwh> Said to be introduced in 3.1 by commit e5497d766ad ("cfg80211/nl80211: + bwh> support GTK rekey offload"). +Bugs: +upstream: released (4.14-rc2) [e785fa0a164aa11001cba931367c7f94ffaff888] +4.9-upstream-stable: released (4.9.53) [c820441a7a52e3626aede8df94069a50a9e4efdb] +3.16-upstream-stable: released (3.16.49) [ed2305f2eba403d41dc4213746f60d47273980f6] +3.2-upstream-stable: released (3.2.94) [082d8a6a55d2b6583d9e93ac9796efdf4c412658] +sid: released (4.12.13-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch] +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch] +3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch] +3.2-wheezy-security: released (3.2.93-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch] diff --git a/retired/CVE-2017-12154 b/retired/CVE-2017-12154 new file mode 100644 index 00000000..60fb4d49 --- /dev/null +++ b/retired/CVE-2017-12154 
@@ -0,0 +1,16 @@ +Description: kvm: nVMX: L2 guest could access hardware(L0) CR8 register +References: + https://www.spinics.net/lists/kvm/msg155414.html +Notes: + bwh> Appears to have been introduced in 3.1 by commit fe3ef05c7572 + bwh> "KVM: nVMX: Prepare vmcs02 from vmcs01 and vmcs12". +Bugs: + https://bugzilla.redhat.com/show_bug.cgi?id=1491224 +upstream: released (4.14-rc1) [51aa68e7d57e3217192d88ce90fd5b8ef29ec94f] +4.9-upstream-stable: released (4.9.53) [86ef97b2dfd504fbc65f6b244a422db0c1b15797] +3.16-upstream-stable: released (3.16.49) [423a7a81efb8da25dbbcfe7a33bd8bfdce34150b] +3.2-upstream-stable: released (3.2.94) [7999f7fc5b2ca4c0b2a96b7fb3dfa4e30274da27] +sid: released (4.12.13-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch] +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch] +3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch] +3.2-wheezy-security: released (3.2.93-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch] diff --git a/retired/CVE-2017-14156 b/retired/CVE-2017-14156 new file mode 100644 index 00000000..aaa82b3b --- /dev/null +++ b/retired/CVE-2017-14156 
@@ -0,0 +1,15 @@ +Description: atyfb_ioctl stack memory leak +References: + https://github.com/torvalds/linux/pull/441 + https://marc.info/?l=linux-kernel&m=150401461613306&w=2 + https://marc.info/?l=linux-kernel&m=150453196710422&w=2 +Notes: +Bugs: +upstream: released (4.14-rc1) [8e75f7a7a00461ef6d91797a60b606367f6e344d] +4.9-upstream-stable: released (4.9.53) [64afde6f956dfcb719e329a9d2098b53e68d2755] +3.16-upstream-stable: released (3.16.49) [093d5ecdeb49c6ad4ea4c1fb39c481e9bcfc1871] +3.2-upstream-stable: released (3.2.94) [71b8eab658c3569c1b3fe3d4df3334bb3fe85903] +sid: released (4.12.13-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch] +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch] +3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch] +3.2-wheezy-security: released (3.2.93-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch] diff --git a/retired/CVE-2017-14340 b/retired/CVE-2017-14340 new file mode 100644 index 00000000..c431eb78 --- /dev/null +++ b/retired/CVE-2017-14340 
@@ -0,0 +1,15 @@ +Description: xfs: unprivileged user kernel oops +References: + http://www.openwall.com/lists/oss-security/2017/09/13/1 +Notes: + bwh> Said to be introduced in 2.6.15 by commit f538d4da8d52 "[XFS] write + bwh> barrier support". +Bugs: +upstream: released (4.14-rc1) [b31ff3cdf540110da4572e3e29bd172087af65cc] +4.9-upstream-stable: released (4.9.50) [5b82e0e938af5d9dfb038e2483cb2a84e24584fd] +3.16-upstream-stable: released (3.16.49) [1e48f7b93c3a8f1d7bb136ab7fa61e763893a6fd] +3.2-upstream-stable: released (3.2.94) [90b59e69283444326907eb6c6b447366814d0960] +sid: released (4.12.13-1) +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch] +3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch] +3.2-wheezy-security: released (3.2.93-1) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch] diff --git a/retired/CVE-2017-14489 b/retired/CVE-2017-14489 new file mode 100644 index 00000000..58a37d3c --- /dev/null +++ b/retired/CVE-2017-14489 
@@ -0,0 +1,24 @@ +Description: scsi: nlmsg not properly parsed in iscsi_if_rx function +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1490421 + https://patchwork.kernel.org/patch/9923803/ +Notes: + bwh> Appears to have been introduced in 2.6.15 by commit 0896b7523026 + bwh> "[SCSI] open-iscsi/linux-iscsi-5 Initiator: Transport class update for + bwh> iSCSI". + carnil> 7f564528a480084e2318cd48caba7aef4a54a77f is presumably the upstream + carnil> fix already fixing the issue, cf. + carnil> http://www.openwall.com/lists/oss-security/2017/09/25/3 but + carnil> "nevertheless, the buffer overwrite is still there, so a suggested + carnil> patch 9923803 (or its later version) is still needed." + carnil> Fix is pending for 4.14/scsi-fixes in: + carnil> https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.14/scsi-fixes&id=c88f0e6b06f4092995688211a631bb436125d77b +Bugs: +upstream: released (4.14-rc3) [c88f0e6b06f4092995688211a631bb436125d77b] +4.9-upstream-stable: released (4.9.53) [b42bf0f15cf70926f3a460e7517703fda6191ba7] +3.16-upstream-stable: released (3.16.49) [a1b438ad8590add8f6b0b679171bf5e0d45e2da1] +3.2-upstream-stable: released (3.2.94) [7d38a8202c4a6acf91d6163f53f3253a261bbd22] +sid: released (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch] +4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch] +3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch] +3.2-wheezy-security: released (3.2.93-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch] |
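Review bot: in retired/CVE-2017-1000251 the Notes still leave the affected range open ("Initially it was though affected versions are only 0e8b207e8a44/v3.3-rc1 but looks it might affect some more kernel starting on f2fcfcd67/v2.6.32-rc1") although the file is being retired with every branch marked released. Before retiring, record which introducing commit was settled on, fix the typo "though" to "thought", and give f2fcfcd67 at the same 12-character length as 0e8b207e8a44.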
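Review bot: in retired/CVE-2017-12153 the introducing commit in the Notes is abbreviated to 11 characters (e5497d766ad), while the other files added in this commit use 12-character abbreviations (fe3ef05c7572, f538d4da8d52, 0896b7523026). Use the 12-character form here too, and drop the parentheses around the commit subject so the citation matches the style used in retired/CVE-2017-12154 and retired/CVE-2017-14340.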
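Review bot: in retired/CVE-2017-12154 the Red Hat Bugzilla link (show_bug.cgi?id=1491224) is filed under "Bugs:", whereas retired/CVE-2017-14489 in this same commit lists its Red Hat Bugzilla link (id=1490421) under "References:". Pick one field for third-party tracker links and use it in both files, so anything scanning "Bugs:" sees a consistent kind of entry.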
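Review bot: in retired/CVE-2017-14156 the Description "atyfb_ioctl stack memory leak" reads like a resource leak, but the patch named on the status lines is video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch, which points to disclosure of uninitialized stack padding. Reword the Description to say information leak. The "Notes:" field is also empty, so unlike the other files in this commit there is no record of when the issue was introduced. Add that if it is known.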
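Review bot: in retired/CVE-2017-14340 the patch file name differs in case between branches: 4.9-stretch-security cites xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch, while 3.16-jessie-security and 3.2-wheezy-security cite xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch. Confirm each name matches the file actually shipped in that branch's patch queue, since a case mismatch breaks any lookup by file name.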
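Review bot: in retired/CVE-2017-14489 the last carnil note says "Fix is pending for 4.14/scsi-fixes", but the status line right below it reads "upstream: released (4.14-rc3) [c88f0e6b06f4092995688211a631bb436125d77b]", the same commit the note links to. Update the note to say the fix has landed so the retired record does not contradict itself, and state explicitly that c88f0e6b06f4 rather than 7f564528a480 is the commit tracked as the fix, since the note calls the latter "presumably the upstream fix".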