[kernel-sec-discuss] r3337 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri May 2 07:15:17 UTC 2014


Author: jmm
Date: 2014-05-02 07:15:17 +0000 (Fri, 02 May 2014)
New Revision: 3337

Added:
   retired/CVE-2014-0055
   retired/CVE-2014-0077
   retired/CVE-2014-1446
   retired/CVE-2014-1874
   retired/CVE-2014-2039
   retired/CVE-2014-2309
   retired/CVE-2014-2523
Removed:
   active/CVE-2014-0055
   active/CVE-2014-0077
   active/CVE-2014-1446
   active/CVE-2014-1874
   active/CVE-2014-2039
   active/CVE-2014-2309
   active/CVE-2014-2523
Log:
retire


Deleted: active/CVE-2014-0055
===================================================================
--- active/CVE-2014-0055	2014-05-02 07:13:47 UTC (rev 3336)
+++ active/CVE-2014-0055	2014-05-02 07:15:17 UTC (rev 3337)
@@ -1,12 +0,0 @@
-Description: vhost-net: insufficient handling of error conditions in get_rx_bufs()
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0055
- http://rhn.redhat.com/errata/RHSA-2014-0328.html
-Notes:
-Bugs:
-upstream: released (3.14) [a39ee449f96a2cd44ce056d8a0a112211a9b1a1f]
-2.6.32-upstream-stable: N/A "vhost_net introduced in 2.6.33"
-sid: released (3.13.10-1) [bugfix/all/vhost-validate-vhost_get_vq_desc-return-value.patch]
-3.2-wheezy-security: released (3.2.57-1) [bugfix/all/vhost-validate-vhost_get_vq_desc-return-value.patch]
-2.6.32-squeeze-security: N/A "vhost_net introduced in 2.6.33"
-3.2-upstream-stable: released (3.2.58) [vhost-validate-vhost_get_vq_desc-return-value.patch]

Deleted: active/CVE-2014-0077
===================================================================
--- active/CVE-2014-0077	2014-05-02 07:13:47 UTC (rev 3336)
+++ active/CVE-2014-0077	2014-05-02 07:15:17 UTC (rev 3337)
@@ -1,11 +0,0 @@
-Description: vhost-net: insufficiency in handling of big packets in handle_rx()
-References:
- http://article.gmane.org/gmane.linux.network/311012 
-Notes:
-Bugs:
-upstream: released (3.14) [d8316f3991d207fe32881a9ac20241be8fa2bad0]
-2.6.32-upstream-stable: N/A "vhost_net introduced in 2.6.33"
-sid: released (3.13.10-1) [bugfix/all/vhost-fix-total-length-when-packets-are-too-short.patch]
-3.2-wheezy-security: released (3.2.57-1) [bugfix/all/vhost-fix-total-length-when-packets-are-too-short.patch]
-2.6.32-squeeze-security: N/A "vhost_net introduced in 2.6.33"
-3.2-upstream-stable: released (3.2.58) [vhost-fix-total-length-when-packets-are-too-short.patch]

Deleted: active/CVE-2014-1446
===================================================================
--- active/CVE-2014-1446	2014-05-02 07:13:47 UTC (rev 3336)
+++ active/CVE-2014-1446	2014-05-02 07:15:17 UTC (rev 3337)
@@ -1,10 +0,0 @@
-Description: hamradio/yam: fix info leak in ioctl
-References:
-Notes:
-Bugs:
-upstream: released (3.13-rc7) [8e3fbf870481eb53b2d3a322d1fc395ad8b367ed]
-2.6.32-upstream-stable: pending
-sid: released (3.12.8-1)
-3.2-wheezy-security: released (3.2.54-1) [bugfix/all/hamradio-yam-fix-info-leak-in-ioctl.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/hamradio-yam-fix-info-leak-in-ioctl.patch]
-3.2-upstream-stable: released (3.2.55)

Deleted: active/CVE-2014-1874
===================================================================
--- active/CVE-2014-1874	2014-05-02 07:13:47 UTC (rev 3336)
+++ active/CVE-2014-1874	2014-05-02 07:15:17 UTC (rev 3337)
@@ -1,12 +0,0 @@
-Description: SeLinux local DoS
-References:
- http://marc.info/?l=selinux&m=139110025203759&w=2
-Notes:
- Only triggerable with CAP_MAC_ADMIN
-Bugs:
-upstream: released (3.14-rc2) [2172fa709ab32ca60e86179dc67d0857be8e2c98]
-2.6.32-upstream-stable: pending
-sid: released (3.13.4-1)
-3.2-wheezy-security: released (3.2.56-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/SELinux-Fix-kernel-BUG-on-empty-security-contexts.patch]
-3.2-upstream-stable: released (3.2.56)

Deleted: active/CVE-2014-2039
===================================================================
--- active/CVE-2014-2039	2014-05-02 07:13:47 UTC (rev 3336)
+++ active/CVE-2014-2039	2014-05-02 07:15:17 UTC (rev 3337)
@@ -1,10 +0,0 @@
-Description: s390: fix kernel crash due to linkage stack instructions
-References:
-Notes:
-Bugs:
-upstream: released (3.14-rc2) [8d7f6690cedb83456edd41c9bd583783f0703bf0]
-2.6.32-upstream-stable: pending
-sid: released (3.13.5-1)
-3.2-wheezy-security: released (3.2.57-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/s390/fix-kernel-crash-due-to-linkage-stack-instructi.patch]
-3.2-upstream-stable: released (3.2.57) [s390-fix-kernel-crash-due-to-linkage-stack-instructions.patch]

Deleted: active/CVE-2014-2309
===================================================================
--- active/CVE-2014-2309	2014-05-02 07:13:47 UTC (rev 3336)
+++ active/CVE-2014-2309	2014-05-02 07:15:17 UTC (rev 3337)
@@ -1,11 +0,0 @@
-Description: ipv6: don't set DST_NOCOUNT for remotely added routes
-References:
- https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
-Notes:
-Bugs:
-upstream: released (3.14-rc4) [c88507fbad8055297c1d1e21e599f46960cbee39]
-2.6.32-upstream-stable: N/A "Introduced in 3.0 with 957c665f37007de93ccbe45902a23143724170d0"
-sid: released (3.13.6-1) [bugfix/all/ipv6-don-t-set-DST_NOCOUNT-for-remotely-added-routes.patch]
-3.2-wheezy-security: released (3.2.57-1) [bugfix/all/ipv6-don-t-set-dst_nocount-for-remotely-added-routes.patch]
-2.6.32-squeeze-security: N/A "Introduced in 3.0 with 957c665f37007de93ccbe45902a23143724170d0"
-3.2-upstream-stable: released (3.2.58) [ipv6-don-t-set-dst_nocount-for-remotely-added-routes.patch]

Deleted: active/CVE-2014-2523
===================================================================
--- active/CVE-2014-2523	2014-05-02 07:13:47 UTC (rev 3336)
+++ active/CVE-2014-2523	2014-05-02 07:15:17 UTC (rev 3337)
@@ -1,10 +0,0 @@
-Description: netfilter: remote memory corruption in nf_conntrack_proto_dccp
-References:
-Notes:
-Bugs:
-upstream: released (3.14-rc1) [b22f5126a24b3b2f15448c3f2a254fc10cbc2b92]
-2.6.32-upstream-stable: pending
-sid: released (3.13.10-1)
-3.2-wheezy-security: released (3.2.57-1)
-2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/netfilter-nf_conntrack_dccp-fix-skb_header_pointer-A.patch]
-3.2-upstream-stable: released (3.2.57) [netfilter-nf_conntrack_dccp-fix-skb_header_pointer-api-usages.patch]

Copied: retired/CVE-2014-0055 (from rev 3335, active/CVE-2014-0055)
===================================================================
--- retired/CVE-2014-0055	                        (rev 0)
+++ retired/CVE-2014-0055	2014-05-02 07:15:17 UTC (rev 3337)
@@ -0,0 +1,12 @@
+Description: vhost-net: insufficient handling of error conditions in get_rx_bufs()
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0055
+ http://rhn.redhat.com/errata/RHSA-2014-0328.html
+Notes:
+Bugs:
+upstream: released (3.14) [a39ee449f96a2cd44ce056d8a0a112211a9b1a1f]
+2.6.32-upstream-stable: N/A "vhost_net introduced in 2.6.33"
+sid: released (3.13.10-1) [bugfix/all/vhost-validate-vhost_get_vq_desc-return-value.patch]
+3.2-wheezy-security: released (3.2.57-1) [bugfix/all/vhost-validate-vhost_get_vq_desc-return-value.patch]
+2.6.32-squeeze-security: N/A "vhost_net introduced in 2.6.33"
+3.2-upstream-stable: released (3.2.58) [vhost-validate-vhost_get_vq_desc-return-value.patch]


Property changes on: retired/CVE-2014-0055
___________________________________________________________________
Added: svn:mergeinfo
   + 
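
Review bot: the property change on retired/CVE-2014-0055 adds svn:mergeinfo with an empty value, and the same empty property is added on each of the other six copied files. An empty svn:mergeinfo records no merge history and only adds noise to later diffs; consider removing it from the copied files (svn propdel svn:mergeinfo) as part of the retire step.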

Copied: retired/CVE-2014-0077 (from rev 3335, active/CVE-2014-0077)
===================================================================
--- retired/CVE-2014-0077	                        (rev 0)
+++ retired/CVE-2014-0077	2014-05-02 07:15:17 UTC (rev 3337)
@@ -0,0 +1,11 @@
+Description: vhost-net: insufficiency in handling of big packets in handle_rx()
+References:
+ http://article.gmane.org/gmane.linux.network/311012 
+Notes:
+Bugs:
+upstream: released (3.14) [d8316f3991d207fe32881a9ac20241be8fa2bad0]
+2.6.32-upstream-stable: N/A "vhost_net introduced in 2.6.33"
+sid: released (3.13.10-1) [bugfix/all/vhost-fix-total-length-when-packets-are-too-short.patch]
+3.2-wheezy-security: released (3.2.57-1) [bugfix/all/vhost-fix-total-length-when-packets-are-too-short.patch]
+2.6.32-squeeze-security: N/A "vhost_net introduced in 2.6.33"
+3.2-upstream-stable: released (3.2.58) [vhost-fix-total-length-when-packets-are-too-short.patch]
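
Review bot: the References entry for gmane.linux.network/311012 carries a trailing space after the URL, inherited unchanged from the active/ copy. Strip it while the file is being moved so that anything parsing the References field gets a clean URL.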


Property changes on: retired/CVE-2014-0077
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-1446 (from rev 3336, active/CVE-2014-1446)
===================================================================
--- retired/CVE-2014-1446	                        (rev 0)
+++ retired/CVE-2014-1446	2014-05-02 07:15:17 UTC (rev 3337)
@@ -0,0 +1,10 @@
+Description: hamradio/yam: fix info leak in ioctl
+References:
+Notes:
+Bugs:
+upstream: released (3.13-rc7) [8e3fbf870481eb53b2d3a322d1fc395ad8b367ed]
+2.6.32-upstream-stable: pending
+sid: released (3.12.8-1)
+3.2-wheezy-security: released (3.2.54-1) [bugfix/all/hamradio-yam-fix-info-leak-in-ioctl.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/hamradio-yam-fix-info-leak-in-ioctl.patch]
+3.2-upstream-stable: released (3.2.55)
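
Review bot: this record is retired while the 2.6.32-upstream-stable line still reads "pending", and the same is true of CVE-2014-1874, CVE-2014-2039 and CVE-2014-2523 in this commit. Once the file is under retired/ that status is unlikely to be revisited, so either add a Notes line saying that retirement is based on the Debian branches only, or keep the entry active until the upstream-stable status is resolved. References is also empty here; the upstream commit 8e3fbf870481eb53b2d3a322d1fc395ad8b367ed is the only pointer to what was fixed.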


Property changes on: retired/CVE-2014-1446
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-1874 (from rev 3336, active/CVE-2014-1874)
===================================================================
--- retired/CVE-2014-1874	                        (rev 0)
+++ retired/CVE-2014-1874	2014-05-02 07:15:17 UTC (rev 3337)
@@ -0,0 +1,12 @@
+Description: SeLinux local DoS
+References:
+ http://marc.info/?l=selinux&m=139110025203759&w=2
+Notes:
+ Only triggerable with CAP_MAC_ADMIN
+Bugs:
+upstream: released (3.14-rc2) [2172fa709ab32ca60e86179dc67d0857be8e2c98]
+2.6.32-upstream-stable: pending
+sid: released (3.13.4-1)
+3.2-wheezy-security: released (3.2.56-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/SELinux-Fix-kernel-BUG-on-empty-security-contexts.patch]
+3.2-upstream-stable: released (3.2.56)
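
Review bot: the Description line "SeLinux local DoS" is miscapitalised and says less than the patch name on the squeeze line, which identifies the issue as a kernel BUG on empty security contexts. Suggest "SELinux: kernel BUG on empty security contexts (local DoS)" so the retired record can be found by searching for either the subsystem or the symptom. The Notes line about CAP_MAC_ADMIN is useful context and should stay.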


Property changes on: retired/CVE-2014-1874
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-2039 (from rev 3336, active/CVE-2014-2039)
===================================================================
--- retired/CVE-2014-2039	                        (rev 0)
+++ retired/CVE-2014-2039	2014-05-02 07:15:17 UTC (rev 3337)
@@ -0,0 +1,10 @@
+Description: s390: fix kernel crash due to linkage stack instructions
+References:
+Notes:
+Bugs:
+upstream: released (3.14-rc2) [8d7f6690cedb83456edd41c9bd583783f0703bf0]
+2.6.32-upstream-stable: pending
+sid: released (3.13.5-1)
+3.2-wheezy-security: released (3.2.57-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/s390/fix-kernel-crash-due-to-linkage-stack-instructi.patch]
+3.2-upstream-stable: released (3.2.57) [s390-fix-kernel-crash-due-to-linkage-stack-instructions.patch]


Property changes on: retired/CVE-2014-2039
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-2309 (from rev 3335, active/CVE-2014-2309)
===================================================================
--- retired/CVE-2014-2309	                        (rev 0)
+++ retired/CVE-2014-2309	2014-05-02 07:15:17 UTC (rev 3337)
@@ -0,0 +1,11 @@
+Description: ipv6: don't set DST_NOCOUNT for remotely added routes
+References:
+ https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
+Notes:
+Bugs:
+upstream: released (3.14-rc4) [c88507fbad8055297c1d1e21e599f46960cbee39]
+2.6.32-upstream-stable: N/A "Introduced in 3.0 with 957c665f37007de93ccbe45902a23143724170d0"
+sid: released (3.13.6-1) [bugfix/all/ipv6-don-t-set-DST_NOCOUNT-for-remotely-added-routes.patch]
+3.2-wheezy-security: released (3.2.57-1) [bugfix/all/ipv6-don-t-set-dst_nocount-for-remotely-added-routes.patch]
+2.6.32-squeeze-security: N/A "Introduced in 3.0 with 957c665f37007de93ccbe45902a23143724170d0"
+3.2-upstream-stable: released (3.2.58) [ipv6-don-t-set-dst_nocount-for-remotely-added-routes.patch]
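
Review bot: the patch path on the sid line uses "DST_NOCOUNT" while the 3.2-wheezy-security line uses "dst_nocount" for what is otherwise the same filename. Check each path against the file that actually exists in the respective packaging branch before retiring, since a wrong-case path will not resolve on a case-sensitive filesystem. The Description also repeats the fix's subject line rather than stating the impact; a short Notes entry describing the effect of the bug would make the record self-explanatory.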


Property changes on: retired/CVE-2014-2309
___________________________________________________________________
Added: svn:mergeinfo
   + 

Copied: retired/CVE-2014-2523 (from rev 3336, active/CVE-2014-2523)
===================================================================
--- retired/CVE-2014-2523	                        (rev 0)
+++ retired/CVE-2014-2523	2014-05-02 07:15:17 UTC (rev 3337)
@@ -0,0 +1,10 @@
+Description: netfilter: remote memory corruption in nf_conntrack_proto_dccp
+References:
+Notes:
+Bugs:
+upstream: released (3.14-rc1) [b22f5126a24b3b2f15448c3f2a254fc10cbc2b92]
+2.6.32-upstream-stable: pending
+sid: released (3.13.10-1)
+3.2-wheezy-security: released (3.2.57-1)
+2.6.32-squeeze-security: released (2.6.32-48squeeze5) [bugfix/all/netfilter-nf_conntrack_dccp-fix-skb_header_pointer-A.patch]
+3.2-upstream-stable: released (3.2.57) [netfilter-nf_conntrack_dccp-fix-skb_header_pointer-api-usages.patch]
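
Review bot: the Description claims "remote memory corruption" but References and Notes are both empty, so the retired record gives no source for that severity. Add at least a link for the upstream commit b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 under References, as the CVE-2014-2309 entry does for its fix, and note which patch or stable update carried the fix into sid and 3.2-wheezy-security, which have no bracketed reference.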


Property changes on: retired/CVE-2014-2523
___________________________________________________________________
Added: svn:mergeinfo
   + 



