From 46720c75bdf21f42af598b16d063869315d781f0 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 5 Jul 2023 17:22:16 +0200 Subject: Some finishing touch --- dsa-texts/6.1.37-1 | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'dsa-texts') diff --git a/dsa-texts/6.1.37-1 b/dsa-texts/6.1.37-1 index 07776a37..e6f48629 100644 --- a/dsa-texts/6.1.37-1 +++ b/dsa-texts/6.1.37-1 @@ -1,5 +1,5 @@ Package : linux -CVE ID : CVE-2023-2124 CVE-2023-2156 CVE-2023-2269 CVE-2023-3090 CVE-2023-3141 CVE-2023-3212 CVE-2023-3268 CVE-2023-3269 CVE-2023-3390 CVE-2023-31084 CVE-2023-32250 CVE-2023-32254 CVE-2023-35788 +CVE ID : CVE-2023-2124 CVE-2023-2156 CVE-2023-2269 CVE-2023-3090 CVE-2023-3212 CVE-2023-3268 CVE-2023-3269 CVE-2023-3390 CVE-2023-31084 CVE-2023-32250 CVE-2023-32254 CVE-2023-35788 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information 
@@ -7,29 +7,28 @@ leaks. CVE-2023-2124 - Kyle Zeng, Akshay Ajayan and Fish Wang that missing metadata - validation may result in denial of service, or potentially privilege - escalation, if a corrupted XFS disk image is mounted. + Kyle Zeng, Akshay Ajayan and Fish Wang discoverd that missing metadata + validation may result in denial of service or potential privilege + escalation if a corrupted XFS disk image is mounted. CVE-2023-2156 - Max VA discovered that the IPv6 RPL protocol implementation in the + It was discovered that the IPv6 RPL protocol implementation in the Linux kernel did not properly handled user-supplied data, resulting - in an assertion failure. An unauthenticated remote attacker can take + in a triggerable assertion. An unauthenticated remote attacker can take advantage of this flaw for denial of service. CVE-2023-2269 - Zheng Zhang reported that improper handling of locking in the device- + Zheng Zhang reported that improper handling of locking in the device mapper implementation may result in denial of service. CVE-2023-3090 - It was discovered that missing initialization in the ipvlan - networking, leading to an out-of-bounds write vulnerability, may - result in denial of service, or execution of arbitrary code. + It was discovered that missing initialization in ipvlan networking may + lead to an out-of-bounds write vulnerability, resulting in denial of + service or potentially the execution of arbitrary code. -CVE-2023-3141 CVE-2023-3212 Yang Lan that missing validation in the GFS2 filesystem could result @@ -49,9 +48,8 @@ CVE-2023-3269 CVE-2023-3390 - A use-after-free flaw in the netfilter subsystem because of - incorrect error path handling with NFT_MSG_NEWRULE may result in - denial of service or privilege escalation. + A use-after-free flaw in the netfilter subsystem caused by incorrect + error path handling may result in denial of service or privilege escalation. CVE-2023-31084 -- cgit v1.2.3
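Review bot: The CVE ID line in the first hunk (@@ -1,5 +1,5 @@) drops CVE-2023-3141 with no reason given; the commit message only says "Some finishing touch". The second hunk shows that the CVE-2023-3141 heading had no description under it, so the removal looks deliberate, but a reader of the history cannot tell whether the CVE does not belong in this advisory or the entry was simply missing its text. Suggest stating the reason in the commit message.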
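Review bot: The rewritten CVE-2023-2124 line in the second hunk (@@ -7,29 +7,28 @@) introduces a typo: "discoverd" should be "discovered". The same hunk leaves two similar defects in its unchanged context, "did not properly handled" under CVE-2023-2156 and "Yang Lan that missing validation" under CVE-2023-3212, the latter lacking the verb that the CVE-2023-2124 line just gained; both could be fixed in the same pass. It is also worth confirming that replacing "Max VA discovered" with "It was discovered" is an intended change of credit.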
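Review bot: The new second line of the CVE-2023-3390 entry in the third hunk (@@ -49,9 +48,8 @@), "error path handling may result in denial of service or privilege escalation.", is noticeably longer than the other lines of the advisory text and should be rewrapped to match them. Dropping "with NFT_MSG_NEWRULE" also removes the one detail that told readers which netfilter operation is involved; consider keeping it if the shorter wording was only for brevity.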