author: Salvatore Bonaccorso <carnil@debian.org> 2017-10-12 17:00:07 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2017-10-12 17:00:07 +0000
commit: 5bc06baa77f3a612757d92dc297e19037faea1c9 (patch)
tree: 451d80b1b2c96827cb0dfd306bfb78c625b933d2 /retired
parent: cbc0387469ef88da03c9465b25968225c38eef5b (diff)
Retire several CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5646 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- retired/CVE-2017-1000251 17
-rw-r--r-- retired/CVE-2017-12153 16
-rw-r--r-- retired/CVE-2017-12154 16
-rw-r--r-- retired/CVE-2017-14156 15
-rw-r--r-- retired/CVE-2017-14340 15
-rw-r--r-- retired/CVE-2017-14489 24
6 files changed, 103 insertions, 0 deletions
diff --git a/retired/CVE-2017-1000251 b/retired/CVE-2017-1000251
new file mode 100644
index 00000000..9fee4ad9
--- /dev/null
+++ b/retired/CVE-2017-1000251
@@ -0,0 +1,17 @@
+Description: stack buffer overflow flaw in Bluetooth subsystem
+References:
+ https://access.redhat.com/security/vulnerabilities/blueborne
+ https://www.armis.com/blueborne/
+Notes:
+ carnil> Initially it was though affected versions are only
+ carnil> 0e8b207e8a44/v3.3-rc1 but looks it might affect some
+ carnil> more kernel starting on f2fcfcd67/v2.6.32-rc1.
+Bugs:
+upstream: released (4.14-rc1) [e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3]
+4.9-upstream-stable: released (4.9.50) [6300c8bfafe032187f3cbaa43dbf7d306650c5ed]
+3.16-upstream-stable: released (3.16.49) [8a7b081660857a80c3efc463b3da790c4fa0c801]
+3.2-upstream-stable: released (3.2.94) [26d624204b5243a0c928bad4bf62560bb63f385d]
+sid: released (4.12.13-1)
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
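Review bot: the Notes entry is retired while still worded as an open question ("looks it might affect some more kernel starting on f2fcfcd67/v2.6.32-rc1"), so a reader cannot tell which commit was finally taken as the introducing one. Please state the conclusion that the 3.2 and 3.16 status lines were based on. In the same entry "though" should read "thought", and f2fcfcd67 is abbreviated to 9 characters where 0e8b207e8a44 uses 12; one abbreviation length throughout would make the hashes easier to search for.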
diff --git a/retired/CVE-2017-12153 b/retired/CVE-2017-12153
new file mode 100644
index 00000000..1443aac0
--- /dev/null
+++ b/retired/CVE-2017-12153
@@ -0,0 +1,16 @@
+Description: null pointer dereference in nl80211_set_rekey_data()
+References:
+ https://marc.info/?t=150525503100001&r=1&w=2
+ https://marc.info/?l=linux-wireless&m=150525493517953&w=2
+Notes:
+ bwh> Said to be introduced in 3.1 by commit e5497d766ad ("cfg80211/nl80211:
+ bwh> support GTK rekey offload").
+Bugs:
+upstream: released (4.14-rc2) [e785fa0a164aa11001cba931367c7f94ffaff888]
+4.9-upstream-stable: released (4.9.53) [c820441a7a52e3626aede8df94069a50a9e4efdb]
+3.16-upstream-stable: released (3.16.49) [ed2305f2eba403d41dc4213746f60d47273980f6]
+3.2-upstream-stable: released (3.2.94) [082d8a6a55d2b6583d9e93ac9796efdf4c412658]
+sid: released (4.12.13-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
diff --git a/retired/CVE-2017-12154 b/retired/CVE-2017-12154
new file mode 100644
index 00000000..60fb4d49
--- /dev/null
+++ b/retired/CVE-2017-12154
@@ -0,0 +1,16 @@
+Description: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
+References:
+ https://www.spinics.net/lists/kvm/msg155414.html
+Notes:
+ bwh> Appears to have been introduced in 3.1 by commit fe3ef05c7572
+ bwh> "KVM: nVMX: Prepare vmcs02 from vmcs01 and vmcs12".
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1491224
+upstream: released (4.14-rc1) [51aa68e7d57e3217192d88ce90fd5b8ef29ec94f]
+4.9-upstream-stable: released (4.9.53) [86ef97b2dfd504fbc65f6b244a422db0c1b15797]
+3.16-upstream-stable: released (3.16.49) [423a7a81efb8da25dbbcfe7a33bd8bfdce34150b]
+3.2-upstream-stable: released (3.2.94) [7999f7fc5b2ca4c0b2a96b7fb3dfa4e30274da27]
+sid: released (4.12.13-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
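Review bot: the Red Hat Bugzilla URL is filed under Bugs: here, whereas retired/CVE-2017-14489 in this same commit lists its bugzilla.redhat.com link under References:. Pick one placement for third-party tracker links and apply it to both files, so that anything reading the Bugs: field gets a consistent kind of entry.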
diff --git a/retired/CVE-2017-14156 b/retired/CVE-2017-14156
new file mode 100644
index 00000000..aaa82b3b
--- /dev/null
+++ b/retired/CVE-2017-14156
@@ -0,0 +1,15 @@
+Description: atyfb_ioctl stack memory leak
+References:
+ https://github.com/torvalds/linux/pull/441
+ https://marc.info/?l=linux-kernel&m=150401461613306&w=2
+ https://marc.info/?l=linux-kernel&m=150453196710422&w=2
+Notes:
+Bugs:
+upstream: released (4.14-rc1) [8e75f7a7a00461ef6d91797a60b606367f6e344d]
+4.9-upstream-stable: released (4.9.53) [64afde6f956dfcb719e329a9d2098b53e68d2755]
+3.16-upstream-stable: released (3.16.49) [093d5ecdeb49c6ad4ea4c1fb39c481e9bcfc1871]
+3.2-upstream-stable: released (3.2.94) [71b8eab658c3569c1b3fe3d4df3334bb3fe85903]
+sid: released (4.12.13-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
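Review bot: the Description "atyfb_ioctl stack memory leak" reads as a resource leak, while the patch name on the status lines (video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch) says the issue is uninitialized padding being leaked, i.e. an information disclosure. Suggest wording the Description along the lines of "atyfb_ioctl leaks uninitialized stack padding". Notes: is also empty, so unlike the other files in this commit there is no record of which release introduced the problem and why 3.2 and 3.16 were treated as affected.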
diff --git a/retired/CVE-2017-14340 b/retired/CVE-2017-14340
new file mode 100644
index 00000000..c431eb78
--- /dev/null
+++ b/retired/CVE-2017-14340
@@ -0,0 +1,15 @@
+Description: xfs: unprivileged user kernel oops
+References:
+ http://www.openwall.com/lists/oss-security/2017/09/13/1
+Notes:
+ bwh> Said to be introduced in 2.6.15 by commit f538d4da8d52 "[XFS] write
+ bwh> barrier support".
+Bugs:
+upstream: released (4.14-rc1) [b31ff3cdf540110da4572e3e29bd172087af65cc]
+4.9-upstream-stable: released (4.9.50) [5b82e0e938af5d9dfb038e2483cb2a84e24584fd]
+3.16-upstream-stable: released (3.16.49) [1e48f7b93c3a8f1d7bb136ab7fa61e763893a6fd]
+3.2-upstream-stable: released (3.2.94) [90b59e69283444326907eb6c6b447366814d0960]
+sid: released (4.12.13-1)
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
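Review bot: the patch filename differs in case between branches: the 4.9-stretch-security line references xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch, while the jessie and wheezy lines reference xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch. Please confirm each name matches the file actually shipped in that branch, since a case mismatch breaks any lookup of the patch by path. The sid line also carries no patch reference, unlike the three security lines; if the fix arrived there through the upstream stable update, a short note saying so would help.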
diff --git a/retired/CVE-2017-14489 b/retired/CVE-2017-14489
new file mode 100644
index 00000000..58a37d3c
--- /dev/null
+++ b/retired/CVE-2017-14489
@@ -0,0 +1,24 @@
+Description: scsi: nlmsg not properly parsed in iscsi_if_rx function
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1490421
+ https://patchwork.kernel.org/patch/9923803/
+Notes:
+ bwh> Appears to have been introduced in 2.6.15 by commit 0896b7523026
+ bwh> "[SCSI] open-iscsi/linux-iscsi-5 Initiator: Transport class update for
+ bwh> iSCSI".
+ carnil> 7f564528a480084e2318cd48caba7aef4a54a77f is presumably the upstream
+ carnil> fix already fixing the issue, cf.
+ carnil> http://www.openwall.com/lists/oss-security/2017/09/25/3 but
+ carnil> "nevertheless, the buffer overwrite is still there, so a suggested
+ carnil> patch 9923803 (or its later version) is still needed."
+ carnil> Fix is pending for 4.14/scsi-fixes in:
+ carnil> https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.14/scsi-fixes&id=c88f0e6b06f4092995688211a631bb436125d77b
+Bugs:
+upstream: released (4.14-rc3) [c88f0e6b06f4092995688211a631bb436125d77b]
+4.9-upstream-stable: released (4.9.53) [b42bf0f15cf70926f3a460e7517703fda6191ba7]
+3.16-upstream-stable: released (3.16.49) [a1b438ad8590add8f6b0b679171bf5e0d45e2da1]
+3.2-upstream-stable: released (3.2.94) [7d38a8202c4a6acf91d6163f53f3253a261bbd22]
+sid: released (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
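Review bot: the last carnil> note still says "Fix is pending for 4.14/scsi-fixes", but the upstream: line directly below records the same commit c88f0e6b06f4092995688211a631bb436125d77b as released in 4.14-rc3. The note should be updated or dropped before retiring the file, otherwise the entry contradicts itself. The earlier note about 7f564528a480084e2318cd48caba7aef4a54a77f would also benefit from one sentence saying that c88f0e6b06f4 is the fix the status lines track.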
