From 4a8d4c8359fbe217f0f56a933f923118f473080d Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 30 Sep 2018 23:38:28 +0100 Subject: Improve DSA wording for some issues fixed in 4.9.110-3+deb9u5 --- dsa-texts/4.9.110-3+deb9u5 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'dsa-texts/4.9.110-3+deb9u5') diff --git a/dsa-texts/4.9.110-3+deb9u5 b/dsa-texts/4.9.110-3+deb9u5 index 6f17c384e..ab689bc3f 100644 --- a/dsa-texts/4.9.110-3+deb9u5 +++ b/dsa-texts/4.9.110-3+deb9u5 @@ -11,7 +11,7 @@ leaks. CVE-2018-6554 - A memory leak in the rda_bind function in the irda subsystem was + A memory leak in the irda_bind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a denial of service (memory consumption). @@ -25,9 +25,9 @@ CVE-2018-7755 Brian Belleville discovered a flaw in the fd_locked_ioctl function in the floppy driver in the Linux kernel. The floppy driver copies a - kernel pointer to user memory in response to the FDGETPRM ioctl. An - attacker can take advantage of this flaw to discover the location - kernel code and data. + kernel pointer to user memory in response to the FDGETPRM ioctl. A + local user with access to a floppy drive device can take advantage + of this flaw to discover the location kernel code and data. CVE-2018-9363 @@ -95,9 +95,9 @@ CVE-2018-16658 CVE-2018-17182 Jann Horn discovered that the vmacache_flush_all function mishandles - sequence number overflows. An attacker can take advantage of this - flaw to trigger a use-after-free and cause a denial of service or - privilege escalation. + sequence number overflows. A local user can take advantage of this + flaw to trigger a use-after-free, causing a denial of service + (crash or memory corruption) or privilege escalation. For the stable distribution (stretch), these problems have been fixed in version 4.9.110-3+deb9u5. -- cgit v1.2.3
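
Review bot: In the CVE-2018-7755 hunk (@@ -25,9 +25,9 @@), the rewritten sentence still ends with "to discover the location kernel code and data", which is missing "of". The old text had the same slip, and since these three lines are being reflowed anyway, this is the place to fix it: "of this flaw to discover the location of kernel code and data." The new qualifier "A local user with access to a floppy drive device" correctly narrows who can reach the FDGETPRM ioctl and needs no change.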