blob: a9d150f6b36d2d88bbed48a1ee233831e5548dc3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
Package : linux
CVE ID : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600 CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154 CVE-2017-14051 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000370 CVE-2017-1000371 CVE-2017-1000380
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2017-7518
Andy Lutomirski discovered that KVM is prone to an incorrect debug
exception(#DB) error occuring while emulating a syscall instruction.
A process inside a quest can take advantage of this flaw for
privilege escalation inside a guest.
CVE-2017-7558 (stretch only)
Stefano Brivio of Red Hat discovered that sctp subsystem is prone to
a data leak vulnerability due to an out-of-bounds read flaw,
allowing to leak up to 100 uninitialized bytes to userspace.
CVE-2017-10661 (jessie only)
CVE-2017-11600
CVE-2017-12134
CVE-2017-12146 (stretch only)
CVE-2017-12153
CVE-2017-12154
CVE-2017-14051
CVE-2017-14106
CVE-2017-14140
CVE-2017-14156
CVE-2017-14340
CVE-2017-14489
CVE-2017-14497 (stretch only)
CVE-2017-1000111
CVE-2017-1000112
CVE-2017-1000251
CVE-2017-1000252 (stretch only)
CVE-2017-1000370
CVE-2017-1000371
CVE-2017-1000380
jessie: 3.16.43-2+deb8u5
stretch: 4.9.30-2+deb9u5
Overview:
3.16-jessie-security 4.9-stretch-security
CVE-2017-7518: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-7558: N/A "Vulnerable code pending (4.9.30-2+de
CVE-2017-10661: pending (3.16.43-2+d N/A "Fixed before in
CVE-2017-11600: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-12134: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-12146: N/A "Vulnerable code pending (4.9.30-2+de
CVE-2017-12153: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-12154: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-14051: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-14106: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-14140: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-14156: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-14340: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-14489: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-14497: N/A "Vulnerable code pending (4.9.30-2+de
CVE-2017-1000111: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-1000112: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-1000251: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-1000252: N/A 'Vulnerable code pending (4.9.30-2+de
CVE-2017-1000370: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-1000371: pending (3.16.43-2+d pending (4.9.30-2+de
CVE-2017-1000380: pending (3.16.43-2+d pending (4.9.30-2+de
# vim:tw=72
|