From 8a26e89267fc5cacf0aeb45e58efd563b396dd30 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 17 Apr 2018 20:54:38 +0100 Subject: Triage and retire various issues that don't need to be fixed anywhere --- active/CVE-2017-15116 | 17 ----------------- active/CVE-2017-18255 | 12 ------------ active/CVE-2018-10074 | 12 ------------ active/CVE-2018-10087 | 14 -------------- active/CVE-2018-10124 | 14 -------------- active/CVE-2018-1091 | 15 --------------- retired/CVE-2017-15116 | 22 ++++++++++++++++++++++ retired/CVE-2017-18255 | 13 +++++++++++++ retired/CVE-2018-10074 | 13 +++++++++++++ retired/CVE-2018-10087 | 15 +++++++++++++++ retired/CVE-2018-10124 | 15 +++++++++++++++ retired/CVE-2018-1091 | 17 +++++++++++++++++ 12 files changed, 95 insertions(+), 84 deletions(-) delete mode 100644 active/CVE-2017-15116 delete mode 100644 active/CVE-2017-18255 delete mode 100644 active/CVE-2018-10074 delete mode 100644 active/CVE-2018-10087 delete mode 100644 active/CVE-2018-10124 delete mode 100644 active/CVE-2018-1091 create mode 100644 retired/CVE-2017-15116 create mode 100644 retired/CVE-2017-18255 create mode 100644 retired/CVE-2018-10074 create mode 100644 retired/CVE-2018-10087 create mode 100644 retired/CVE-2018-10124 create mode 100644 retired/CVE-2018-1091 diff --git a/active/CVE-2017-15116 b/active/CVE-2017-15116 deleted file mode 100644 index 79b080779..000000000 --- a/active/CVE-2017-15116 +++ /dev/null @@ -1,17 +0,0 @@ -Description: crypto: rng - Remove old low-level rng interface -References: - https://bugzilla.redhat.com/show_bug.cgi?id=1485815 (not accessible) - https://bugzilla.redhat.com/show_bug.cgi?id=1514609 -Notes: - bwh> Clearly we can't apply the upstream fix for this, but need to guard - bwh> against the null pointer somehow. I can't work out which pointer - bwh> can be null though. -Bugs: -upstream: released (4.2-rc1) [94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6] -4.9-upstream-stable: N/A "Fixed before branching point" -3.16-upstream-stable: -3.2-upstream-stable: -sid: released (4.2.1-1) -4.9-stretch-security: N/A "Fixed before branching point" -3.16-jessie-security: -3.2-wheezy-security: diff --git a/active/CVE-2017-18255 b/active/CVE-2017-18255 deleted file mode 100644 index 0441bb813..000000000 --- a/active/CVE-2017-18255 +++ /dev/null @@ -1,12 +0,0 @@ -Description: DoS in perf_cpu_time_max_percent_handler -References: -Notes: -Bugs: -upstream: released (4.11-rc1) [1572e45a924f254d9570093abde46430c3172e3d] -4.9-upstream-stable: -3.16-upstream-stable: -3.2-upstream-stable: -sid: released (4.11.6-1) -4.9-stretch-security: -3.16-jessie-security: -3.2-wheezy-security: diff --git a/active/CVE-2018-10074 b/active/CVE-2018-10074 deleted file mode 100644 index 93bea858d..000000000 --- a/active/CVE-2018-10074 +++ /dev/null @@ -1,12 +0,0 @@ -Description: clk: hisilicon: hi3660:Fix potential NULL dereference in hi3660_stub_clk_probe() -References: -Notes: -Bugs: -upstream: released (4.16-rc7) [9903e41ae1f5d50c93f268ca3304d4d7c64b9311] -4.9-upstream-stable: -3.16-upstream-stable: -3.2-upstream-stable: -sid: -4.9-stretch-security: -3.16-jessie-security: -3.2-wheezy-security: diff --git a/active/CVE-2018-10087 b/active/CVE-2018-10087 deleted file mode 100644 index 60f35d2a5..000000000 --- a/active/CVE-2018-10087 +++ /dev/null @@ -1,14 +0,0 @@ -Description: kernel/exit.c: avoid undefined behaviour when calling wait4() -References: - https://news.ycombinator.com/item?id=2972021 - http://lkml.kernel.org/r/1497264618-20212-1-git-send-email-zhongjiang@huawei.com -Notes: -Bugs: -upstream: released (4.13-rc1) [dd83c161fbcc5d8be637ab159c0de015cbff5ba4] -4.9-upstream-stable: -3.16-upstream-stable: -3.2-upstream-stable: -sid: released (4.13.4-1) -4.9-stretch-security: -3.16-jessie-security: -3.2-wheezy-security: diff --git a/active/CVE-2018-10124 b/active/CVE-2018-10124 deleted file mode 100644 index 41a04d78f..000000000 --- a/active/CVE-2018-10124 +++ /dev/null @@ -1,14 +0,0 @@ -Description: kernel/signal.c: avoid undefined behaviour in kill_something_info -References: - https://news.ycombinator.com/item?id=2972021 - http://lkml.kernel.org/r/1496670008-59084-1-git-send-email-zhongjiang@huawei.com -Notes: -Bugs: -upstream: released (4.13-rc1) [4ea77014af0d6205b05503d1c7aac6eace11d473] -4.9-upstream-stable: -3.16-upstream-stable: -3.2-upstream-stable: -sid: released (4.13.4-1) -4.9-stretch-security: -3.16-jessie-security: -3.2-wheezy-security: diff --git a/active/CVE-2018-1091 b/active/CVE-2018-1091 deleted file mode 100644 index 66ba22fd6..000000000 --- a/active/CVE-2018-1091 +++ /dev/null @@ -1,15 +0,0 @@ -Description: KVM guest kernel crash during core dump on POWER9 host -References: - http://www.openwall.com/lists/oss-security/2018/03/27/4 - https://marc.info/?l=linuxppc-embedded&m=150535531910494&w=2 - https://bugzilla.redhat.com/show_bug.cgi?id=1558149 -Notes: -Bugs: -upstream: released (4.14-rc2) [c1fa0768a8713b135848f78fd43ffc208d8ded70] -4.9-upstream-stable: released (4.9.53) [f89f25b531471a6ba43f0b5658f9359fcf33a285] -3.16-upstream-stable: -3.2-upstream-stable: -sid: released (4.13.10-1) -4.9-stretch-security: released (4.9.65-1) -3.16-jessie-security: -3.2-wheezy-security: diff --git a/retired/CVE-2017-15116 b/retired/CVE-2017-15116 new file mode 100644 index 000000000..01dc46935 --- /dev/null +++ b/retired/CVE-2017-15116 @@ -0,0 +1,22 @@ +Description: crypto: drbg - null pointer dereference +References: + https://bugzilla.redhat.com/show_bug.cgi?id=1485815 (not accessible) + https://bugzilla.redhat.com/show_bug.cgi?id=1514609 +Notes: + bwh> Clearly we can't apply the upstream fix for this, but need to guard + bwh> against the null pointer somehow. I can't work out which pointer + bwh> can be null though. + bwh> I've now looked at the RHEL 7 update, and the comment indicates + bwh> that the vulnerable code is in crypto/drbg.c. I verified that + bwh> it does have a weird special case for slen == 0 && seed != NULL + bwh> which no other RNG does. This was added in mainline in 3.17 and + bwh> then backported to RHEL's 3.10 branch. +Bugs: +upstream: released (4.2-rc1) [94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6] +4.9-upstream-stable: N/A "Fixed before branching point" +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.2.1-1) +4.9-stretch-security: N/A "Fixed before branching point" +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2017-18255 b/retired/CVE-2017-18255 new file mode 100644 index 000000000..374a39a91 --- /dev/null +++ b/retired/CVE-2017-18255 @@ -0,0 +1,13 @@ +Description: DoS in perf_cpu_time_max_percent_handler +References: +Notes: + bwh> root is supposed to be able to deny service any way they want... +Bugs: +upstream: released (4.11-rc1) [1572e45a924f254d9570093abde46430c3172e3d] +4.9-upstream-stable: ignored "not a security issue" +3.16-upstream-stable: ignored "not a security issue" +3.2-upstream-stable: ignored "not a security issue" +sid: released (4.11.6-1) +4.9-stretch-security: ignored "not a security issue" +3.16-jessie-security: ignored "not a security issue" +3.2-wheezy-security: ignored "not a security issue" diff --git a/retired/CVE-2018-10074 b/retired/CVE-2018-10074 new file mode 100644 index 000000000..3601b17f0 --- /dev/null +++ b/retired/CVE-2018-10074 @@ -0,0 +1,13 @@ +Description: clk: hisilicon: hi3660:Fix potential NULL dereference in hi3660_stub_clk_probe() +References: +Notes: + bwh> This is in a newly added driver. +Bugs: +upstream: released (4.16-rc7) [9903e41ae1f5d50c93f268ca3304d4d7c64b9311] +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: N/A "Vulnerable code not present" +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" diff --git a/retired/CVE-2018-10087 b/retired/CVE-2018-10087 new file mode 100644 index 000000000..178e980ed --- /dev/null +++ b/retired/CVE-2018-10087 @@ -0,0 +1,15 @@ +Description: kernel/exit.c: avoid undefined behaviour when calling wait4() +References: + https://news.ycombinator.com/item?id=2972021 + http://lkml.kernel.org/r/1497264618-20212-1-git-send-email-zhongjiang@huawei.com +Notes: + bwh> This looks very unlikely to have any security impact in reality. +Bugs: +upstream: released (4.13-rc1) [dd83c161fbcc5d8be637ab159c0de015cbff5ba4] +4.9-upstream-stable: ignored "Minor issue" +3.16-upstream-stable: ignored "Minor issue" +3.2-upstream-stable: ignored "Minor issue" +sid: released (4.13.4-1) +4.9-stretch-security: ignored "Minor issue" +3.16-jessie-security: ignored "Minor issue" +3.2-wheezy-security: ignored "Minor issue" diff --git a/retired/CVE-2018-10124 b/retired/CVE-2018-10124 new file mode 100644 index 000000000..cddaf1e68 --- /dev/null +++ b/retired/CVE-2018-10124 @@ -0,0 +1,15 @@ +Description: kernel/signal.c: avoid undefined behaviour in kill_something_info +References: + https://news.ycombinator.com/item?id=2972021 + http://lkml.kernel.org/r/1496670008-59084-1-git-send-email-zhongjiang@huawei.com +Notes: + bwh> This looks very unlikely to have any security impact in reality. +Bugs: +upstream: released (4.13-rc1) [4ea77014af0d6205b05503d1c7aac6eace11d473] +4.9-upstream-stable: ignored "Minor issue" +3.16-upstream-stable: ignored "Minor issue" +3.2-upstream-stable: ignored "Minor issue" +sid: released (4.13.4-1) +4.9-stretch-security: ignored "Minor issue" +3.16-jessie-security: ignored "Minor issue" +3.2-wheezy-security: ignored "Minor issue" diff --git a/retired/CVE-2018-1091 b/retired/CVE-2018-1091 new file mode 100644 index 000000000..9aa9e03b7 --- /dev/null +++ b/retired/CVE-2018-1091 @@ -0,0 +1,17 @@ +Description: KVM guest kernel crash during core dump on POWER9 host +References: + http://www.openwall.com/lists/oss-security/2018/03/27/4 + https://marc.info/?l=linuxppc-embedded&m=150535531910494&w=2 + https://bugzilla.redhat.com/show_bug.cgi?id=1558149 +Notes: + bwh> POWER9 support was added around Linux 4.6, so this doesn't affect + bwh> older branches. +Bugs: +upstream: released (4.14-rc2) [c1fa0768a8713b135848f78fd43ffc208d8ded70] +4.9-upstream-stable: released (4.9.53) [f89f25b531471a6ba43f0b5658f9359fcf33a285] +3.16-upstream-stable: N/A "Hardware not supported" +3.2-upstream-stable: N/A "Hardware not supported" +sid: released (4.13.10-1) +4.9-stretch-security: released (4.9.65-1) +3.16-jessie-security: N/A "Hardware not supported" +3.2-wheezy-security: N/A "Architecture no longer supported" -- cgit v1.2.3