diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2015-02-24 15:47:33 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2015-02-24 15:47:33 +0000 |
| commit | 7d1cfdb962bffefb3e1c3ae188b9f6aac088cf5d (patch) | |
| tree | 8458495710db35847d9eab1fbc11a5682433a275 /retired | |
| parent | c853e5a24c8b013657a053bfd2d882285cfdfcd7 (diff) | |
retire (no need to wait for release of pending issues in 2.6.32.x LTS)
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3701 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
| -rw-r--r-- | retired/CVE-2013-6885 | 11 | ||||
| -rw-r--r-- | retired/CVE-2014-7822 | 15 | ||||
| -rw-r--r-- | retired/CVE-2014-8133 | 11 | ||||
| -rw-r--r-- | retired/CVE-2014-8134 | 14 | ||||
| -rw-r--r-- | retired/CVE-2014-8160 | 12 | ||||
| -rw-r--r-- | retired/CVE-2014-9420 | 11 | ||||
| -rw-r--r-- | retired/CVE-2014-9584 | 11 | ||||
| -rw-r--r-- | retired/CVE-2014-9585 | 12 | ||||
| -rw-r--r-- | retired/CVE-2015-1421 | 13 | ||||
| -rw-r--r-- | retired/CVE-2015-1465 | 12 |
10 files changed, 122 insertions, 0 deletions
diff --git a/retired/CVE-2013-6885 b/retired/CVE-2013-6885 new file mode 100644 index 00000000..77611c0a --- /dev/null +++ b/retired/CVE-2013-6885 @@ -0,0 +1,11 @@ +Description: AMD family 16h erratum 793, hardware lock-up +References: +Notes: +Bugs: +upstream: released (3.14-rc2) [3b56496865f9f7d9bcb2f93b44c63f274f08e3b6] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.14.2-1) +3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86-cpu-amd-add-workaround-for-family-16h-erratum-79.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/x86/x86-cpu-amd-add-workaround-for-family-16h-erratum-79.patch] +3.16-upstream-stable: N/A "fixed before 3.16" +3.2-upstream-stable: released (3.2.67) [x86-cpu-amd-add-workaround-for-family-16h-erratum-793.patch] diff --git a/retired/CVE-2014-7822 b/retired/CVE-2014-7822 new file mode 100644 index 00000000..ee60adab --- /dev/null +++ b/retired/CVE-2014-7822 @@ -0,0 +1,15 @@ +Description: splice: lack of generic write checks +References: +Notes: + bwh> I have a reproducer for this. On 2.6.32 it causes ext4 to corrupt + bwh> the filesystem (which is caught by e2fsck). On 3.2 it causes ext4 to + bwh> hang on umount. ext3 and xfs don't seem to be affected. +Bugs: + - https://bugzilla.redhat.com/show_bug.cgi?id=1163792 +upstream: released (v3.16-rc1) [8d0207652cbe27d1f962050737848e5ad4671958] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.2-1) +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/splice-apply-generic-position-and-size-checks-to-eac.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/splice-apply-generic-position-and-size-checks-to-eac.patch] +3.16-upstream-stable: N/A "fixed before 3.16" +3.2-upstream-stable: released (3.2.67) [splice-apply-generic-position-and-size-checks-to-eac.patch] diff --git a/retired/CVE-2014-8133 b/retired/CVE-2014-8133 new file mode 100644 index 00000000..8e5f0a38 --- /dev/null +++ b/retired/CVE-2014-8133 @@ -0,0 +1,11 @@ +Description: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS +References: +Notes: +Bugs: +upstream: released (3.19-rc1) [41bdc78544b8a93a9c6814b8bbbfef966272abbe] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt4-1) +3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/x86/x86-tls-validate-tls-entries-to-protect-espfix.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/x86/x86-tls-validate-tls-entries-to-protect-espfix.patch] +3.16-upstream-stable: released (3.16.7-ckt4) +3.2-upstream-stable: released (3.2.66) [x86-tls-validate-tls-entries-to-protect-espfix.patch] diff --git a/retired/CVE-2014-8134 b/retired/CVE-2014-8134 new file mode 100644 index 00000000..d37bcf1f --- /dev/null +++ b/retired/CVE-2014-8134 @@ -0,0 +1,14 @@ +Description: x86: espfix not working for 32-bit KVM paravirt guests +References: + http://www.spinics.net/lists/kvm/msg111458.html + https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?h=linux-next&id=29fa6825463c97e5157284db80107d1bfac5d77b +Notes: + This is for KVM guests, not KVM itself, so it does apply to squeeze-lts. +Bugs: +upstream: released (3.19-rc1) [29fa6825463c97e5157284db80107d1bfac5d77b] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt4-1) +3.2-wheezy-security: released (3.2.65-1) [bugfix/x86/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/x86/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch] +3.16-upstream-stable: released (3.16.7-ckt4) +3.2-upstream-stable: released (3.2.66) [x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch] diff --git a/retired/CVE-2014-8160 b/retired/CVE-2014-8160 new file mode 100644 index 00000000..29df24d4 --- /dev/null +++ b/retired/CVE-2014-8160 @@ -0,0 +1,12 @@ +Description: netfilter: SCTP firewalling fails until SCTP module is loaded +References: + http://www.spinics.net/lists/netfilter-devel/msg33430.html +Notes: +Bugs: +upstream: released (3.18) [db29a9508a9246e77087c5531e45b2c88ec6988b] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt4-1) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch] +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch] +3.16-upstream-stable: released (3.16.7-ckt5) +3.2-upstream-stable: released (3.2.67) [netfilter-conntrack-disable-generic-tracking-for-kno.patch] diff --git a/retired/CVE-2014-9420 b/retired/CVE-2014-9420 new file mode 100644 index 00000000..26e47513 --- /dev/null +++ b/retired/CVE-2014-9420 @@ -0,0 +1,11 @@ +Description: fs: isofs: infinite loop in CE records +References: +Notes: +Bugs: +upstream: released (v3.19-rc1) [f54e18f1b831c92f6512d2eedb224cd63d607d3d] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt4-1) +3.2-wheezy-security: released (3.2.65-1) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch] +3.16-upstream-stable: released (3.16.7-ckt4) +3.2-upstream-stable: released (3.2.67) [isofs-fix-infinite-looping-over-ce-entries.patch] diff --git a/retired/CVE-2014-9584 b/retired/CVE-2014-9584 new file mode 100644 index 00000000..6b011872 --- /dev/null +++ b/retired/CVE-2014-9584 @@ -0,0 +1,11 @@ +Description: isofs information leak +References: +Notes: +Bugs: +upstream: released (3.19-rc3) [4e2024624e678f0ebb916e6192bd23c1f9fdf696] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt4-1) +3.2-wheezy-security: released (3.2.65-1+deb7u1) [bugfix/all/isofs-fix-unchecked-printing-of-er-records.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/isofs-fix-unchecked-printing-of-er-records.patch] +3.16-upstream-stable: released (3.16.7-ckt4) +3.2-upstream-stable: released (3.2.67) [isofs-fix-unchecked-printing-of-er-records.patch] diff --git a/retired/CVE-2014-9585 b/retired/CVE-2014-9585 new file mode 100644 index 00000000..4e0575b5 --- /dev/null +++ b/retired/CVE-2014-9585 @@ -0,0 +1,12 @@ +Description: x86_64, vdso: Fix the vdso address randomization algorithm +References: + https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/commit/?h=x86/vdso&id=bc3b94c31d65e761ddfe150d02932c65971b74e2 +Notes: +Bugs: +upstream: released (3.19-rc4) [394f56fe480140877304d342dec46d50dc823d46] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt4-1) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch] +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch] +3.16-upstream-stable: released (3.16.7-ckt5) +3.2-upstream-stable: released (3.2.67) [x86_64-vdso-fix-the-vdso-address-randomization-algorithm.patch] diff --git a/retired/CVE-2015-1421 b/retired/CVE-2015-1421 new file mode 100644 index 00000000..292aef1b --- /dev/null +++ b/retired/CVE-2015-1421 @@ -0,0 +1,13 @@ +Description: Use-after-free in sctp triggered remotely +References: + http://www.openwall.com/lists/oss-security/2015/01/29/13 + https://git.kernel.org/linus/600ddd6825543962fb807884169e57b580dba208 +Notes: +Bugs: +upstream: released (3.19-rc7) [600ddd6825543962fb807884169e57b580dba208] +2.6.32-upstream-stable: pending (2.6.32.66) +sid: released (3.16.7-ckt4-3) [bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch] +3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-init-collisions.patch] +2.6.32-squeeze-security: released (2.6.32-48squeeze11) [bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch] +3.16-upstream-stable: released (3.16.7-ckt6) +3.2-upstream-stable: released (3.2.67) [net-sctp-fix-slab-corruption-from-use-after-free-on-init-collisions.patch] diff --git a/retired/CVE-2015-1465 b/retired/CVE-2015-1465 new file mode 100644 index 00000000..5389c06c --- /dev/null +++ b/retired/CVE-2015-1465 @@ -0,0 +1,12 @@ +Description: DoS due to routing packets to too many different dsts/too fast +References: + - https://bugzilla.redhat.com/show_bug.cgi?id=1183744 +Notes: +Bugs: +upstream: released (v3.19-rc7) [df4d92549f23e1c037e83323aff58a21b3de7fe0] +2.6.32-upstream-stable: N/A" "Introduced in 3.16 with f88649721268999bdff09777847080a52004f691" +sid: pending (3.16.7-ckt6-1) +3.2-wheezy-security: N/A" "Introduced in 3.16 with f88649721268999bdff09777847080a52004f691" +2.6.32-squeeze-security: N/A" "Introduced in 3.16 with f88649721268999bdff09777847080a52004f691" +3.16-upstream-stable: released (3.16.7-ckt6) +3.2-upstream-stable: N/A" "Introduced in 3.16 with f88649721268999bdff09777847080a52004f691" |