diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2018-06-17 11:29:51 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-06-17 11:29:51 +0200 |
commit | 8edb19820a99c8a9552ec4814ee966d937bede4b (patch) | |
tree | 608900e262ba4093f33d7de84afecfa4664e7a05 /retired/CVE-2018-1068 | |
parent | 90005264d1f4a917c576e314f18353dc5b63d262 (diff) |
Retire some CVEs
Diffstat (limited to 'retired/CVE-2018-1068')
-rw-r--r-- | retired/CVE-2018-1068 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/retired/CVE-2018-1068 b/retired/CVE-2018-1068 new file mode 100644 index 00000000..49b8fdad --- /dev/null +++ b/retired/CVE-2018-1068 @@ -0,0 +1,24 @@ +Description: kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets +References: + https://marc.info/?l=linux-netdev&m=152023808817590&w=2 + https://marc.info/?l=linux-netdev&m=152025888924151&w=2 + https://bugzilla.redhat.com/show_bug.cgi?id=1552048 +Notes: + carnil> Fixed as well in 4.15.10 + carnil> This is mitigated in Debian by unprivileged user namespaces being + carnil> default-disabled. + carnil> cherry picking the commit for 4.9.x would need as well commit + carnil> 932909d9b28d27e807ff8eecb68c7748f6701628 ("netfilter: ebtables: + carnil> fix erroneous reject of last rule") as a followup fix. + carnil> Cf. Message-ID: <20180313112930.GA31828@breakpoint.cc> + carnil> else "it becomes impossible to add rules to the last builtin base + carnil> chain." +Bugs: +upstream: released (4.16-rc5) [b71812168571fa55e44cdd0254471331b9c4c4c6] +4.9-upstream-stable: released (4.9.88) [21ff147189ff0692d203282c1dced02f83dcf785] +3.16-upstream-stable: released (3.16.57) [71a00fe67dde7d2ed206a0db2a67f29fad90cc72] +3.2-upstream-stable: released (3.2.102) [dccc6e2c9b486b99b6ec356e14f7de58832b3833] +sid: released (4.15.11-1) +4.9-stretch-security: released (4.9.88-1) +3.16-jessie-security: released (3.16.56-1) [bugfix/all/netfilter-ebtables-config_compat-don-t-trust-userlan.patch] +3.2-wheezy-security: released (3.2.101-1) [bugfix/all/netfilter-ebtables-config_compat-don-t-trust-userlan.patch] |