diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2017-07-03 07:24:13 +0000 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-07-03 07:24:13 +0000 |
| commit | 7fa91dd46d166029686400082dda51d245703aa8 (patch) | |
| tree | c7c8a62ac0db1735e7ba9a7ef115a2265c52f1c6 /retired | |
| parent | eb9f4231ba3f0794e60f8afbeaaf7431450644be (diff) | |
Retire several CVEs fixed everwhere
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5401 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
| -rw-r--r-- | retired/CVE-2017-1000364 | 16 | ||||
| -rw-r--r-- | retired/CVE-2017-7487 | 12 | ||||
| -rw-r--r-- | retired/CVE-2017-7645 | 25 | ||||
| -rw-r--r-- | retired/CVE-2017-7895 | 14 | ||||
| -rw-r--r-- | retired/CVE-2017-8064 | 14 | ||||
| -rw-r--r-- | retired/CVE-2017-8890 | 14 | ||||
| -rw-r--r-- | retired/CVE-2017-8924 | 12 | ||||
| -rw-r--r-- | retired/CVE-2017-8925 | 12 | ||||
| -rw-r--r-- | retired/CVE-2017-9074 | 16 | ||||
| -rw-r--r-- | retired/CVE-2017-9075 | 12 | ||||
| -rw-r--r-- | retired/CVE-2017-9076 | 12 | ||||
| -rw-r--r-- | retired/CVE-2017-9077 | 12 | ||||
| -rw-r--r-- | retired/CVE-2017-9242 | 12 |
13 files changed, 183 insertions, 0 deletions
diff --git a/retired/CVE-2017-1000364 b/retired/CVE-2017-1000364 new file mode 100644 index 00000000..95397f9a --- /dev/null +++ b/retired/CVE-2017-1000364 @@ -0,0 +1,16 @@ +Description: stack gap guard page too small +References: +Notes: + carnil> original patch series as applied in 4.9.30-2+deb9u1, + carnil> 3.16.43-2+deb8u1 and 3.2.89-1 caused regressions. + carnil> A regression update following the official upstream + carnil> patch will solve those. +Bugs: +upstream: released (4.12-rc6) [1be7107fbe18eed3e319a6c3e83c78254b693acb] +4.9-upstream-stable: released (4.9.34) [cfc0eb403816c5c4f9667d959de5e22789b5421e] +3.16-upstream-stable: released (3.16.45) [978b8aa1646d4e023edd121c7f1b8f938ccb813d] +3.2-upstream-stable: released (3.2.90) [640c7dfdc7c723143b1ce42f5569ec8565cbbde7] +sid: released (4.11.6-1) [bugfix/all/mm-larger-stack-guard-gap-between-vmas.patch] +4.9-stretch-security: released (4.9.30-2+deb9u1) +3.16-jessie-security: released (3.16.43-2+deb8u1) +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-7487 b/retired/CVE-2017-7487 new file mode 100644 index 00000000..5792cecb --- /dev/null +++ b/retired/CVE-2017-7487 @@ -0,0 +1,12 @@ +Description: ipx: call ipxitf_put() in ioctl error path +References: +Notes: +Bugs: +upstream: released (4.12-rc1) [ee0d8d8482345ff97a75a7d747efc309f13b0d80] +4.9-upstream-stable: released (4.9.30) [820adccd0e3be9bdd2384ca8fc4712108cfdf28b] +3.16-upstream-stable: released (3.16.44) [c64988b55a19fc5c85f85c433976d6e5210f54dc] +3.2-upstream-stable: released (3.2.89) [48dc185bcc73e1bb42d007cbaf96ad55cefaf4cb] +sid: released (4.9.30-1) +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/ipx-call-ipxitf_put-in-ioctl-error-path.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-7645 b/retired/CVE-2017-7645 new file mode 100644 index 00000000..5103c98d --- /dev/null +++ b/retired/CVE-2017-7645 @@ -0,0 +1,25 @@ +Description: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c +References: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7645 + https://marc.info/?l=linux-nfs&m=149218228327497&w=2 + https://marc.info/?l=linux-nfs&m=149247516212924&w=2 +Notes: + carnil> afaict the issue for which CVE-2017-7645 was assigned + carnil> is fixed with e6838a29ecb484c97e4efef9429643b9851fba6e + carnil> but I think + carnil> db44bac41bbfc0c0d9dd943092d8bded3c9db19b (nfsd4: minor + carnil> NFSv2/v3 write decoding cleanup) and the following + carnil> 13bf9fbff0e5e099e2b6f003a0ab8ae145436309 (nfsd: stricter + carnil> decoding of write-like NFSv2/v3 ops) should be applied + carnil> as well (should the last commit get a separate CVE id?) + carnil> 13bf9fbff0e5e099e2b6f003a0ab8ae145436309 got a separate + carnil> CVE: CVE-2017-7895 +Bugs: +upstream: released (4.11) [e6838a29ecb484c97e4efef9429643b9851fba6e] +4.9-upstream-stable: released (4.9.26) [fc6445df466f37291a70937642068bda78802a5b] +3.16-upstream-stable: released (3.16.44) [1d4ab03084d4bace93b1573c57a309e954d05c09] +3.2-upstream-stable: released (3.2.89) [1eb3e42d91d63fc757a8da38683f417bcdf953a2] +sid: released (4.9.25-1) [bugfix/all/nfsd-check-for-oversized-NFSv2-v3-arguments.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/nfsd-check-for-oversized-nfsv2-v3-arguments.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-7895 b/retired/CVE-2017-7895 new file mode 100644 index 00000000..8269afbb --- /dev/null +++ b/retired/CVE-2017-7895 @@ -0,0 +1,14 @@ +Description: nfsd: stricter decoding of write-like NFSv2/v3 ops +References: +Notes: + carnil> Prerequisite: db44bac41bbfc0c0d9dd943092d8bded3c9db19b (nfsd4: minor + carnil> NFSv2/v3 write decoding cleanup) +Bugs: +upstream: released (4.11) [13bf9fbff0e5e099e2b6f003a0ab8ae145436309] +4.9-upstream-stable: released (4.9.26) [d7809b9e99bb75e83bdd13dc70ce27df61faf5de] +3.16-upstream-stable: released (3.16.44) [bb0ea8af0b69259f5ea1d2fcff52948c98129c5e] +3.2-upstream-stable: released (3.2.89) [6b9ba0c00cb068a50a409bbdc7cfbe473f1c01a3] +sid: released (4.9.25-1) [bugfix/all/nfsd-stricter-decoding-of-write-like-NFSv2-v3-ops.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/nfsd-stricter-decoding-of-write-like-nfsv2-v3-ops.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-8064 b/retired/CVE-2017-8064 new file mode 100644 index 00000000..faf64491 --- /dev/null +++ b/retired/CVE-2017-8064 @@ -0,0 +1,14 @@ +Description: [media] dvb-usb-v2: avoid use-after-free +References: +Notes: + bwh> Introduced in 3.7 by commit d10d1b9ac97b + bwh> "[media] dvb_usb_v2: use dev_* logging macros" +Bugs: +upstream: released (4.11-rc1) [005145378c9ad7575a01b6ce1ba118fb427f583a] +4.9-upstream-stable: released (4.9.24) [1992564156b5dc4ac73418e5b95e1a43f12f3cb1] +3.16-upstream-stable: released (3.16.44) [522182342410708c54eb2b33ff36e85f0b045a6d] +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.9.25-1) +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/media-dvb-usb-v2-avoid-use-after-free.patch] +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2017-8890 b/retired/CVE-2017-8890 new file mode 100644 index 00000000..ca5cd021 --- /dev/null +++ b/retired/CVE-2017-8890 @@ -0,0 +1,14 @@ +Description: dccp/tcp: do not inherit mc_list from parent +References: +Notes: + bwh> What's weird here is that it's possible to add a socket for a + bwh> connection-based protocol to a multicast group. +Bugs: +upstream: released (4.12-rc1) [657831ffc38e30092a2d5f03d385d710eb88b09a] +4.9-upstream-stable: released (4.9.31) [4eed44029507acc666ac7afe9c6a8ea0abf857b7] +3.16-upstream-stable: released (3.16.44) [e4d8daa3b0d195c8aead116dd70aad8124be60c3] +3.2-upstream-stable: released (3.2.89) [3d221359fedfc759661fb4a72804b6e798886e8f] +sid: released (4.9.30-1) [bugfix/all/dccp-tcp-do-not-inherit-mc_list-from-parent.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/dccp-tcp-do-not-inherit-mc_list-from-parent.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-8924 b/retired/CVE-2017-8924 new file mode 100644 index 00000000..b9c1d62d --- /dev/null +++ b/retired/CVE-2017-8924 @@ -0,0 +1,12 @@ +Description: information leak in io_ti USB driver +References: +Notes: +Bugs: +upstream: released (4.11-rc2) [654b404f2a222f918af9b0cd18ad469d0c941a8e] +4.9-upstream-stable: released (4.9.16) [d0ef6ecee85e17742d8bce1559872cb542d6ccac] +3.16-upstream-stable: released (3.16.44) [f7287278eea268132ab71b30a0425ccf3a13a323] +3.2-upstream-stable: released (3.2.89) [6d0c587048c85ca94723fc1bd900130cbe875eb3] +sid: released (4.9.16-1) +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/usb-serial-io_ti-fix-information-leak-in-completion-.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-8925 b/retired/CVE-2017-8925 new file mode 100644 index 00000000..1b5c38f6 --- /dev/null +++ b/retired/CVE-2017-8925 @@ -0,0 +1,12 @@ +Description: tty exhaustion DoS in omninet USB driver +References: +Notes: +Bugs: +upstream: released (4.11-rc2) [30572418b445d85fcfe6c8fe84c947d2606767d8] +4.9-upstream-stable: released (4.9.16) [6d6c5895f45431579c20f4183b25183f0e3afc92] +3.16-upstream-stable: released (3.16.44) [e766215595e90b7a307cc7c7054ff43e96340731] +3.2-upstream-stable: released (3.2.89) [8b236342396140be22ab9b486c412666f161af78] +sid: released (4.9.16-1) +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/usb-serial-omninet-fix-reference-leaks-at-open.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-9074 b/retired/CVE-2017-9074 new file mode 100644 index 00000000..7bf31d55 --- /dev/null +++ b/retired/CVE-2017-9074 @@ -0,0 +1,16 @@ +Description: ipv6: Prevent overrun when parsing v6 header options +References: +Notes: + carnil> Requires as well 7dd7eb9513bd02184d45f000ab69d78cb1fa1531 + carnil> which fixes 2423496af35d94a87156b063ea5cedffc10a70a1 + bwh> Also requires 6e80ac5cc992ab6256c3dae87f7e57db15e1a58c and + bwh> e3e86b5119f81e5e2499bea7ea1ebe8ac6aab789 +Bugs: +upstream: released (4.12-rc2) [2423496af35d94a87156b063ea5cedffc10a70a1] +4.9-upstream-stable: released (4.9.31) [a2c845e51a820549a6df5a1e8907ee754422119e] +3.16-upstream-stable: released (3.16.44) [3bff722de601acaf593a1ade13fbbee54b688e9b] +3.2-upstream-stable: released (3.2.89) [ad8a4d9d3f255a783d534a47d4b4ac611bb291d8] +sid: released (4.9.30-1) [bugfix/all/ipv6-prevent-overrun-when-parsing-v6-header-options.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/ipv6-prevent-overrun-when-parsing-v6-header-options.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-9075 b/retired/CVE-2017-9075 new file mode 100644 index 00000000..daea32eb --- /dev/null +++ b/retired/CVE-2017-9075 @@ -0,0 +1,12 @@ +Description: sctp: do not inherit ipv6_{mc|ac|fl}_list from parent +References: +Notes: +Bugs: +upstream: released (4.12-rc2) [fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8] +4.9-upstream-stable: released (4.9.31) [5e7d9f0b3f729a64b99e58047f7bb0ff36acb759] +3.16-upstream-stable: released (3.16.44) [60e7579f4b71e2e8b252d2f1b3ef5ffb3b971a4e] +3.2-upstream-stable: released (3.2.89) [cc1fa7814bdb7ebee2ee79bbce181c0783de9ad5] +sid: released (4.9.30-1) [bugfix/all/sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-9076 b/retired/CVE-2017-9076 new file mode 100644 index 00000000..05249e5c --- /dev/null +++ b/retired/CVE-2017-9076 @@ -0,0 +1,12 @@ +Description: ipv6/dccp: do not inherit ipv6_mc_list from parent (dccp_v6_request_recv_sock) +References: +Notes: +Bugs: +upstream: released (4.12-rc2) [83eaddab4378db256d00d295bda6ca997cd13a52] +4.9-upstream-stable: released (4.9.31) [4bd8f5e38e5a1612ce4373068b518b14d3e38ec8] +3.16-upstream-stable: released (3.16.44) [53d48f98b800059504da76d12bf0074581aa0fe2] +3.2-upstream-stable: released (3.2.89) [0767192a2c4ac9145a7e8fb00370963bc145a920] +sid: released (4.9.30-1) [bugfix/all/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-9077 b/retired/CVE-2017-9077 new file mode 100644 index 00000000..dc407781 --- /dev/null +++ b/retired/CVE-2017-9077 @@ -0,0 +1,12 @@ +Description: ipv6/dccp: do not inherit ipv6_mc_list from parent (tcp_v6_syn_recv_sock) +References: +Notes: +Bugs: +upstream: released (4.12-rc2) [83eaddab4378db256d00d295bda6ca997cd13a52] +4.9-upstream-stable: released (4.9.31) [4bd8f5e38e5a1612ce4373068b518b14d3e38ec8] +3.16-upstream-stable: released (3.16.44) [53d48f98b800059504da76d12bf0074581aa0fe2] +3.2-upstream-stable: released (3.2.89) [0767192a2c4ac9145a7e8fb00370963bc145a920] +sid: released (4.9.30-1) [bugfix/all/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch] +3.2-wheezy-security: released (3.2.89-1) diff --git a/retired/CVE-2017-9242 b/retired/CVE-2017-9242 new file mode 100644 index 00000000..fe98b8e2 --- /dev/null +++ b/retired/CVE-2017-9242 @@ -0,0 +1,12 @@ +Description: ipv6: fix out of bound writes in __ip6_append_data() +References: +Notes: +Bugs: +upstream: released (4.12-rc3) [232cd35d0804cc241eb887bb8d4d9b3b9881c64a] +4.9-upstream-stable: released (4.9.31) [304b41014acbdc5fa5126c86bac31dc41a245f9f] +3.16-upstream-stable: released (3.16.44) [55c51263ff43e3bf5deb1425f4221696f94db1be] +3.2-upstream-stable: released (3.2.89) [e5238fca9694d61861096d5fb80685c9f6581555] +sid: released (4.9.30-1) [bugfix/all/ipv6-fix-out-of-bound-writes-in-__ip6_append_data.patch] +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: released (3.16.43-2+deb8u1) [bugfix/all/ipv6-fix-out-of-bound-writes-in-__ip6_append_data.patch] +3.2-wheezy-security: released (3.2.89-1) |