author | Salvatore Bonaccorso <carnil@debian.org> | 2017-03-16 08:20:15 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-03-16 08:20:15 +0000 |
commit | 91d7544f9fdbc7ffb67a099b9576cae72ed19d5d | |
tree | d77e7390fdb0dede8b6a64caa15c0f9c61fcb261 /retired | |
parent | 14dbef9d90b473780b5adbab26f82bdf23716846 | |
Retire CVEs fixed everywhere needed
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5086 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
-rw-r--r-- | retired/CVE-2017-5669 | 14 |
-rw-r--r-- | retired/CVE-2017-5986 | 15 |
-rw-r--r-- | retired/CVE-2017-6345 | 16 |
-rw-r--r-- | retired/CVE-2017-6346 | 13 |
-rw-r--r-- | retired/CVE-2017-6348 | 13 |
5 files changed, 71 insertions, 0 deletions
diff --git a/retired/CVE-2017-5669 b/retired/CVE-2017-5669 new file mode 100644 index 00000000..024030ba --- /dev/null +++ b/retired/CVE-2017-5669 @@ -0,0 +1,14 @@ +Description: ipc/shm: Fix shmat mmap nil-page protection +References: +Notes: + carnil> Fix in linux-next: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=e1d35d4dc7f089e6c9c080d556feedf9c706f0c7 + bwh> Confirmed this affects 3.2 with a simple test program +Bugs: + https://bugzilla.kernel.org/show_bug.cgi?id=192931 +upstream: released (4.11-rc1) [95e91b831f87ac8e1f8ed50c14d709089b4e01b8] +4.9-upstream-stable: released (4.9.14) [270e84a1e6effd6c0c6e9b13b196b5fdaa392954] +3.16-upstream-stable: released (3.16.42) [ipc-shm-fix-shmat-mmap-nil-page-protection.patch] +3.2-upstream-stable: released (3.2.87) [ipc-shm-fix-shmat-mmap-nil-page-protection.patch] +sid: released (4.9.13-1) [bugfix/all/ipc-shm-fix-shmat-mmap-nil-page-protection.patch] +3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/ipc-shm-Fix-shmat-mmap-nil-page-protection.patch] +3.2-wheezy-security: released (3.2.86-1) [bugfix/all/ipc-shm-fix-shmat-mmap-nil-page-protection.patch] diff --git a/retired/CVE-2017-5986 b/retired/CVE-2017-5986 new file mode 100644 index 00000000..2deeb7ee --- /dev/null +++ b/retired/CVE-2017-5986 
@@ -0,0 +1,15 @@ +Description: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() +References: +Notes: + carnil> Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f + bwh> Upstream fix actually makes things worse; see + bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2 and CVE-2017-6353 +Bugs: +upstream: released (4.10-rc8) [2dcab598484185dea7ec22219c76dcdd59e3cb90] +4.9-upstream-stable: released (4.9.11) [00eff2ebbd229758e90659907724c14dd5a18339] +3.16-upstream-stable: released (3.16.42) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch] +3.2-upstream-stable: released (3.2.87) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch] +sid: released (4.9.10-1) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch] +3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch] +3.2-wheezy-security: released (3.2.86-1) [bugfix/all/sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch] + diff --git a/retired/CVE-2017-6345 b/retired/CVE-2017-6345 new file mode 100644 index 00000000..0b22271d --- /dev/null +++ b/retired/CVE-2017-6345 
@@ -0,0 +1,16 @@ +Description: net/llc: avoid BUG_ON() in skb_orphan() +References: +Notes: +Bugs: + bwh> The upstream commit refers to an added assertion in 3.12, but the + bwh> purpose of that assertion was to catch potential UAF cases so I + bwh> assume this bug could result in a UAF in 3.2. Note that this bug + bwh> is in the obscure llc2 module, not the basic llc support used by + bwh> some other protocols. +upstream: released (4.10) [8b74d439e1697110c5e5c600643e823eb1dd0762] +4.9-upstream-stable: released (4.9.13) [42b52783a59cc706c71cdc7096edce4a6f086fd3] +3.16-upstream-stable: released (3.16.42) [net-llc-avoid-bug_on-in-skb_orphan.patch] +3.2-upstream-stable: released (3.2.87) [net-llc-avoid-bug_on-in-skb_orphan.patch] +sid: released (4.9.13-1) +3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/net-llc-avoid-BUG_ON-in-skb_orphan.patch] +3.2-wheezy-security: released (3.2.86-1) [bugfix/all/net-llc-avoid-bug_on-in-skb_orphan.patch] diff --git a/retired/CVE-2017-6346 b/retired/CVE-2017-6346 new file mode 100644 index 00000000..5230f7ff --- /dev/null +++ b/retired/CVE-2017-6346 @@ -0,0 +1,13 @@ +Description: packet: fix races in fanout_add() +References: +Notes: + bwh> The races can clearly lead to a UAF since 4.2. The impact may be + bwh> less severe in earlier versions but still needs to be fixed. +Bugs: +upstream: released (4.10) [d199fab63c11998a602205f7ee7ff7c05c97164b] +4.9-upstream-stable: released (4.9.13) [722737f27774b14be5a1d2d3b9281dcded7c48b2] +3.16-upstream-stable: released (3.16.42) [packet-fix-races-in-fanout_add.patch] +3.2-upstream-stable: released (3.2.87) [packet-fix-races-in-fanout_add.patch] +sid: released (4.9.13-1) +3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/packet-fix-races-in-fanout_add.patch] +3.2-wheezy-security: released (3.2.86-1) [bugfix/all/packet-fix-races-in-fanout_add.patch] diff --git a/retired/CVE-2017-6348 b/retired/CVE-2017-6348 new file mode 100644 index 00000000..0d4929a0 --- /dev/null 
+++ b/retired/CVE-2017-6348 @@ -0,0 +1,13 @@ +Description: irda: Fix lockdep annotations in hashbin_delete() +References: +Notes: + bwh> This actually changes locking, not just lockdep annotations. + bwh> So I think it fixes a potential deadlock. +Bugs: +upstream: released (4.10) [4c03b862b12f980456f9de92db6d508a4999b788] +4.9-upstream-stable: released (4.9.13) [c2219da51664451149350e47321aa0fcf72a8b8f] +3.16-upstream-stable: released (3.16.42) [irda-fix-lockdep-annotations-in-hashbin_delete.patch] +3.2-upstream-stable: released (3.2.87) [irda-fix-lockdep-annotations-in-hashbin_delete.patch] +sid: released (4.9.13-1) +3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch] +3.2-wheezy-security: released (3.2.86-1) [bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch] |
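Review bot: in retired/CVE-2017-5669 the Notes entry links the linux-next commit e1d35d4dc7f089e6c9c080d556feedf9c706f0c7, while the `upstream:` line records 95e91b831f87ac8e1f8ed50c14d709089b4e01b8, so a reader comparing the two sees different hashes with no explanation. Since the file is now retired, either add a short Notes line saying the linux-next commit is the same fix as the one on the `upstream:` line, or drop the linux-next link. The `References:` field is also empty even though a URL for the fix is available in Notes.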
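Review bot: retired/CVE-2017-5986 is retired as fixed everywhere, yet its Notes say "Upstream fix actually makes things worse" and point to CVE-2017-6353. Before retiring, add a Notes line stating that the regression is tracked separately under CVE-2017-6353, so the "released" status on every branch is not read as the issue being fully resolved. The hunk also ends with an empty added line after the `3.2-wheezy-security:` entry, which the other files in this commit do not have.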
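Review bot: in retired/CVE-2017-6345 the bwh> commentary about the 3.12 assertion and the possible UAF in 3.2 sits under `Bugs:`, leaving `Notes:` empty. The other files in this commit keep bwh> remarks under `Notes:` and use `Bugs:` for bug tracker links, so the five comment lines should move up under `Notes:` to keep the fields consistent.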
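Review bot: in retired/CVE-2017-6348 the `Description:` still reads "irda: Fix lockdep annotations in hashbin_delete()", while the Notes state that the change alters locking and probably fixes a potential deadlock. Anyone scanning descriptions alone will underrate this entry. Consider mentioning the potential deadlock in the description, or at least keeping the bwh> note directly visible in any summary generated from this file.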