diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2017-04-28 04:22:10 +0000 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-04-28 04:22:10 +0000 |
| commit | f43050596507c5a376a3d6fbd8ee81f4be15d71b (patch) | |
| tree | e142fb37d55ca9957d05eefd4f4856eec6fbb82d /retired | |
| parent | 10767387e4a84e948ce275822bd4a100f187a559 (diff) | |
Retire two CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5240 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired')
| -rw-r--r-- | retired/CVE-2017-5970 | 15 | ||||
| -rw-r--r-- | retired/CVE-2017-8106 | 19 |
2 files changed, 34 insertions, 0 deletions
diff --git a/retired/CVE-2017-5970 b/retired/CVE-2017-5970 new file mode 100644 index 00000000..7b30fd0d --- /dev/null +++ b/retired/CVE-2017-5970 @@ -0,0 +1,15 @@ +Description: ipv4: Invalid IP options could cause skb->dst drop +References: + http://seclists.org/oss-sec/2017/q1/414 + https://patchwork.ozlabs.org/patch/724136/ +Notes: + bwh> This was actually introduced in 2.6.35 by commit f84af32cbca70 + bwh> ("net: ip_queue_rcv_skb() helper"). +Bugs: +upstream: released (4.10-rc8) [34b2cef20f19c87999fff3da4071e66937db9644] +4.9-upstream-stable: released (4.9.11) [f5b54446630a973e1f27b68599366bbd0ac53066] +3.16-upstream-stable: released (3.16.41) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch] +3.2-upstream-stable: released (3.2.88) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch] +sid: released (4.9.10-1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch] +3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch] +3.2-wheezy-security: released (3.2.88-1) diff --git a/retired/CVE-2017-8106 b/retired/CVE-2017-8106 new file mode 100644 index 00000000..d06c24b9 --- /dev/null +++ b/retired/CVE-2017-8106 @@ -0,0 +1,19 @@ +Description: nVMX: Check current_vmcs12 before accessing in handle_invept() +References: +Notes: + carnil> Introduced in bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1) + carnil> for linux-3.2.y commit 02a988e6e4511b1f6d83525710a12db9c5a45149 (3.2.64) + carnil> backports bfd0a56b90005f8c8a004baf407ad90045c2b11e but is quite + carnil> reduced. + bwh> The backport to 3.2 was a *non*-implementation of INVEPT that doesn't + bwh> have this issue. +Bugs: + https://bugzilla.kernel.org/show_bug.cgi?id=195167 + https://launchpad.net/bugs/1678676 +upstream: released (3.16-rc4) [4b855078601fc422dbac3059f2215e776f49780f] +4.9-upstream-stable: N/A "Fixed before branch point" +3.16-upstream-stable: N/A "Fixed before branch point" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (3.16.2-1) +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" |