author | Ben Hutchings <benh@debian.org> | 2017-09-20 17:54:01 +0000 |
---|---|---|
committer | Ben Hutchings <benh@debian.org> | 2017-09-20 17:54:01 +0000 |
commit | 55ed5bf2c600b8e2de83df473ae0bd4d2679c253 (patch) | |
tree | 6c657d525cf5c661b5e46ea1a9b7795df5cbbce2 /dsa-texts/4.9.30-2+deb9u5 | |
parent | 54b0fa9158481f62a46e2116a6558d2d67cf03ea (diff) |
Fill in most issue details for DSA for 3.16.43-2+deb8u5/4.9.30-2+deb9u5
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@5573 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'dsa-texts/4.9.30-2+deb9u5')
-rw-r--r-- | dsa-texts/4.9.30-2+deb9u5 | 90 |
1 files changed, 87 insertions, 3 deletions
diff --git a/dsa-texts/4.9.30-2+deb9u5 b/dsa-texts/4.9.30-2+deb9u5 index d61790674..fda637117 100644 --- a/dsa-texts/4.9.30-2+deb9u5 +++ b/dsa-texts/4.9.30-2+deb9u5 @@ -1,5 +1,11 @@ Package : linux -CVE ID : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600 CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154 CVE-2017-14051 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000370 CVE-2017-1000371 CVE-2017-1000380 +CVE ID : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600 + CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154 + CVE-2017-14051 CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 + CVE-2017-14340 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 + CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252 + CVE-2017-1000370 CVE-2017-1000371 CVE-2017-1000380 +Debian Bug : #866511 #875881 Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information 
@@ -20,13 +26,47 @@ CVE-2017-7558 (stretch only) CVE-2017-10661 (jessie only) + Dmitry Vyukov of Google reported that the timerfd facility does + not properly handle certain concurrent operations on a single file + descriptor. This allows a local attacker to cause a denial of + service or potentially execute arbitrary code. CVE-2017-11600 -CVE-2017-12134 + + Bo Zhang reported that the xfrm subsystem does not properly + validate one of the parameters to a netlink message. Local users + with the CAP_NET_ADMIN capability (in any user namespace) can use + this to cause a denial of service or potentially to execute + arbitrary code. + +CVE-2017-12134 / #866511 / XSA-229 + + Jan H. Schönherr of Amazon discovered that when Linux is running + in a Xen PV domain on an x86 system, it may incorrectly merge + block I/O requests. A buggy or malicious guest may trigger this + bug in dom0 or a PV driver domain, causing a denial of service or + potentially execution of arbitrary code. + + This issue can be mitigated by disabling merges on the underlying + back-end block devices, e.g.: + echo 2 > /sys/block/nvme0n1/queue/nomerges + CVE-2017-12146 (stretch only) + CVE-2017-12153 + + bo Zhang reported that the cfg80211 (wifi) subsystem does not + properly validate the parameters to a netlink message. Local users + with the CAP_NET_ADMIN capability (in any user namespace with a + wifi device) can use this to cause a denial of service. + CVE-2017-12154 + Jim Mattson of Google reported that the KVM implementation for + Intel x86 processors did not correctly handle certain nested + hypervisor configurations. A malicious guest (or nested guest in a + suitable L1 hypervisor) could use this for denial of service. + CVE-2017-14106 Andrey Konovalov discovered that a user-triggerable division by 
@@ -34,18 +74,62 @@ CVE-2017-14106 of service. CVE-2017-14140 + CVE-2017-14156 + + "sohu0106" reported an information leak in the atyfb video driver. + A local user with access to a framebuffer device handled by this + driver could use this to obtain sensitive information. + CVE-2017-14340 + + Richard Wareing discovered that the XFS implementation allows the + creation of files with the "realtime" flag on a filesystem with no + realtime device, which can result in a crash (oops). A local user + with access to an XFS filesystem that does not have a realtime + device can use this for denial of service. + CVE-2017-14489 + + ChunYu of Red Hat discovered that the iSCSI subsystem does not + properly validate the length of a netlink message, leading to + memory corruption. A local user with permission to manage iSCSI + devices can use this for denial of service or possibly to + execute arbitrary code. + CVE-2017-14497 (stretch only) + CVE-2017-1000111 + + Andrey Konovalov of Google reported that a race condition in the + raw packet (af_packet) feature. Local users with the CAP_NET_RAW + capability (in any user namespace) can use this for denial of + service or possibly to execute arbitrary code. + CVE-2017-1000112 -CVE-2017-1000251 + +CVE-2017-1000251 / #875881 + + Armis Labs discovered that the Bluetooth subsystem does not + properly validate L2CAP configuration responses, leading to a + stack buffer overflow. This is one of several vulnerabilities + dubbed "Blueborne". A nearby attacker can use this to cause a + denial of service or possibly to execute arbitrary code on a + system with Bluetooth enabled. + CVE-2017-1000252 (stretch only) + CVE-2017-1000370 + CVE-2017-1000371 + CVE-2017-1000380 + Alexander Potapenko of Google reported a race condition in the ALSA + (sound) timer driver, leading to an information leak. A local user + with permission to access sound devices could use this to obtain + sensitive information. 
+ jessie: 3.16.43-2+deb8u5 stretch: 4.9.30-2+deb9u5 |
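Review bot: In the CVE-2017-12134 entry of the @@ -20,13 +26,47 @@ hunk, the mitigation example hard-codes one device, "echo 2 > /sys/block/nvme0n1/queue/nomerges", although the text says it applies to "the underlying back-end block devices" in the plural. Consider a placeholder device name, or a sentence saying the command has to be repeated for every back-end device, so that readers who copy the line do not leave other devices unmitigated. Two smaller points in the same hunk: the CVE-2017-12153 entry credits "bo Zhang" while CVE-2017-11600 just above has "Bo Zhang", and the CVE-2017-12154 entry is in the past tense ("did not correctly handle", "could use") where the neighbouring entries use the present.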
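Review bot: In the CVE-2017-1000111 entry of the @@ -34,18 +74,62 @@ hunk, the first sentence has no verb: "reported that a race condition in the raw packet (af_packet) feature." Either drop "that" ("reported a race condition in ..."), matching the wording of the CVE-2017-1000380 entry, or finish the clause. The hunk also leaves CVE-2017-14140, CVE-2017-14497, CVE-2017-1000112, CVE-2017-1000252, CVE-2017-1000370 and CVE-2017-1000371 as bare headings with only a blank line added after them; that fits the "most issue details" in the commit message, but a short TODO marker under each would make it harder for the text to go out with empty entries.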