[kernel-sec-discuss] r3344 - active

Ben Hutchings benh at moszumanska.debian.org
Sat May 10 21:02:47 UTC 2014


Author: benh
Date: 2014-05-10 21:02:47 +0000 (Sat, 10 May 2014)
New Revision: 3344

Modified:
   active/CVE-2014-0196
   active/CVE-2014-1737
   active/CVE-2014-1738
   active/CVE-2014-2851
   active/CVE-2014-3122
Log:
Update for patches pending in wheezy-security

Modified: active/CVE-2014-0196
===================================================================
--- active/CVE-2014-0196	2014-05-10 20:41:45 UTC (rev 3343)
+++ active/CVE-2014-0196	2014-05-10 21:02:47 UTC (rev 3344)
@@ -5,6 +5,6 @@
 upstream: released (3.15-rc5) [4291086b1f081b869c6d79e5b7441633dc3ace00]
 2.6.32-upstream-stable:
 sid:
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.57-3+deb7u1) [bugfix/all/n_tty-Fix-n_tty_write-crash-when-echoing-in-raw-mode.patch]
 2.6.32-squeeze-security:
 3.2-upstream-stable:
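
Review bot: the sid line, both 2.6.32 lines and 3.2-upstream-stable are still blank in this entry, while the other entries touched by this commit mark unfixed branches as "needed". With the upstream fix recorded as released in 3.15-rc5, a blank reads as "not yet triaged" rather than "needed" or "N/A". If the status of those branches is known, fill them in with the same change that sets wheezy to pending.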

Modified: active/CVE-2014-1737
===================================================================
--- active/CVE-2014-1737	2014-05-10 20:41:45 UTC (rev 3343)
+++ active/CVE-2014-1737	2014-05-10 21:02:47 UTC (rev 3344)
@@ -5,6 +5,6 @@
 upstream: released (3.15-rc4) [ef87dbe7614341c2e7bfe8d32fcb7028cc97442c]
 2.6.32-upstream-stable: needed
 sid: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.57-3+deb7u1) [bugfix/all/floppy-ignore-kernel-only-members-in-FDRAWCMD-ioctl-.patch]
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: needed

Modified: active/CVE-2014-1738
===================================================================
--- active/CVE-2014-1738	2014-05-10 20:41:45 UTC (rev 3343)
+++ active/CVE-2014-1738	2014-05-10 21:02:47 UTC (rev 3344)
@@ -5,6 +5,6 @@
 upstream: released (3.15-rc4) [2145e15e0557a01b9195d1c7199a1b92cb9be81f]
 2.6.32-upstream-stable: needed
 sid: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.57-3+deb7u1) [bugfix/all/floppy-don-t-write-kernel-only-members-to-FDRAWCMD-i.patch]
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: needed
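
Review bot: missing cross-reference in this entry's Notes. CVE-2014-1737 and this entry each carry their own FDRAWCMD ioctl patch, both pending in 3.2.57-3+deb7u1, and both are still "needed" for sid, squeeze and the upstream-stable branches. A one-line note in each file pointing at the other would help whoever backports to those branches pick up the two patches together.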

Modified: active/CVE-2014-2851
===================================================================
--- active/CVE-2014-2851	2014-05-10 20:41:45 UTC (rev 3343)
+++ active/CVE-2014-2851	2014-05-10 21:02:47 UTC (rev 3344)
@@ -3,11 +3,12 @@
  https://lkml.org/lkml/2014/4/10/736
 Notes:
  raphael: Appears to have been introduced with the support for IPPROTO_ICMP in 3.0-rc1
- bwh> This doesn't seem very serious as by default no-one can create ping sockets
+ bwh> Bug is in permission checks for creating ping sockets, so is exploitable
+ bwh> even though the default permissions prevent them being created.
 Bugs:
 upstream: released (3.15-rc2) [b04c46190219a4f845e46a459e3102137b7f6cac]
 2.6.32-upstream-stable: N/A "Vulnerable code not present"
 sid:
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.57-3+deb7u1) [bugfix/all/net-ipv4-current-group_info-should-be-put-after-usin.patch]
 2.6.32-squeeze-security: N/A "Vulnerable code not present"
 3.2-upstream-stable:
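
Review bot: the replacement bwh> note says the bug is exploitable but not what the impact is, and it removes the earlier severity assessment without leaving a trace of why it changed. A short line on the consequence (the patch name points at handling of the current group_info reference) would make the reassessment usable for prioritising. The sid and 3.2-upstream-stable lines are also still blank although the fix is recorded as released upstream in 3.15-rc2 and raphael's note dates the bug to 3.0-rc1, which suggests both are affected and should say "needed".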

Modified: active/CVE-2014-3122
===================================================================
--- active/CVE-2014-3122	2014-05-10 20:41:45 UTC (rev 3343)
+++ active/CVE-2014-3122	2014-05-10 21:02:47 UTC (rev 3344)
@@ -5,6 +5,6 @@
 upstream: released (3.15-rc1) [57e68e9cd65b4b8eb4045a1e0d0746458502554c]
 2.6.32-upstream-stable: needed
 sid: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.57-3+deb7u1) [bugfix/all/mm-try_to_unmap_cluster-should-lock_page-before-mloc.patch]
 2.6.32-squeeze-security: needed
 3.2-upstream-stable: released (3.2.58)
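
Review bot: the context line shows 3.2-upstream-stable as released (3.2.58), while the wheezy line adds a separate bugfix/all/ patch on top of 3.2.57. Worth recording, here or in the packaging changelog, that this patch is to be dropped when wheezy is rebased onto 3.2.58 or later, so the fix is not carried twice and the entry is updated to the rebased version at that point.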



