From e09f65df9f6064cf27d5a589af08aa5da734845b Mon Sep 17 00:00:00 2001
From: Ben Hutchings <benh@debian.org>
Date: Fri, 22 Dec 2017 22:40:44 +0000
Subject: Paste issue descriptions from DLA-1200-1

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5817 e094ebfe-e918-0410-adfb-c712417f3574
---
 dsa-texts/4.9.65-3+deb9u1 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'dsa-texts/4.9.65-3+deb9u1')

diff --git a/dsa-texts/4.9.65-3+deb9u1 b/dsa-texts/4.9.65-3+deb9u1
index d2c194af..8bd3be70 100644
--- a/dsa-texts/4.9.65-3+deb9u1
+++ b/dsa-texts/4.9.65-3+deb9u1
@@ -10,6 +10,15 @@ leaks.
 
 CVE-2017-8824
 
+    Mohamed Ghannam discovered that the DCCP implementation did not
+    correctly manage resources when a socket is disconnected and
+    reconnected, potentially leading to a use-after-free.  A local
+    user could use this for denial of service (crash or data
+    corruption) or possibly for privilege escalation.  On systems that
+    do not already have the dccp module loaded, this can be mitigated
+    by disabling it:
+    echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
+
 CVE-2017-16538
 
 CVE-2017-16644
@@ -36,6 +45,11 @@ CVE-2017-17807
 
 CVE-2017-1000407
 
+    Andrew Honig reported that the KVM implementation for Intel
+    processors allowed direct access to host I/O port 0x80, which
+    is not generally safe.  On some systems this allows a guest
+    VM to cause a denial of service (crash) of the host.
+
 CVE-2017-1000410
 
 For the stable distribution (stretch), these problems have been fixed
-- 
cgit v1.2.3