[kernel-sec-discuss] r3799 - active
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon May 25 20:38:17 UTC 2015
Author: jmm
Date: 2015-05-25 20:38:17 +0000 (Mon, 25 May 2015)
New Revision: 3799
Modified:
active/CVE-2014-8159
active/CVE-2014-9717
active/CVE-2015-2041
active/CVE-2015-2042
active/CVE-2015-2922
active/CVE-2015-3339
Log:
more fixes from 2.6.32.66
Modified: active/CVE-2014-8159
===================================================================
--- active/CVE-2014-8159 2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2014-8159 2015-05-25 20:38:17 UTC (rev 3799)
@@ -4,7 +4,7 @@
Notes:
Bugs:
upstream: released (4.0) [8494057ab5e40df590ef6ef7d66324d3ae33356b]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
sid: released (3.16.7-ckt9-1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/ib-core-prevent-integer-overflow-in-ib_umem_get.patch]
Modified: active/CVE-2014-9717
===================================================================
--- active/CVE-2014-9717 2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2014-9717 2015-05-25 20:38:17 UTC (rev 3799)
@@ -26,6 +26,7 @@
jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19)
jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19)
bwh> I think the last four are needed for CVE-2015-2925, not CVE-2014-9717
+ jmm> These fixes rely on the fs_pin work by Al Viro
Bugs:
upstream: released (4.1-rc1) [a3b3c5627c8301ac850962b04f645dfab81e6a60^..e0c9c0afd2fc958ffa34b697972721d81df8a56f]
2.6.32-upstream-stable: N/A "user namespaces known broken before 3.5"
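Review bot: the added jmm> note says the fixes rely on the fs_pin work by Al Viro but gives no commit id or range for that prerequisite, so anyone evaluating a backport has to locate it themselves. Suggest citing the fs_pin commits in the same bracketed form the upstream: line already uses for the fix range.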
@@ -33,5 +34,16 @@
3.16-jessie-security: needed
3.2-wheezy-security: N/A "user namespaces known broken before 3.5"
2.6.32-squeeze-security: N/A "user namespaces known broken before 3.5"
-3.16-upstream-stable: needed
+3.16-upstream-stable: ignored "too intrusive to backport"
3.2-upstream-stable: N/A "user namespaces known broken before 3.5"
+
+
+
+
+
+
+
+
+
+
+
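Review bot: 3.16-upstream-stable becomes ignored "too intrusive to backport" while the 3.16-jessie-security context line in this hunk stays at needed, and both are 3.16-based by name. If the series is too intrusive for upstream stable, the file should say how jessie is expected to get the fix, or that status should be revisited. The hunk also appends eleven empty lines at the end of the file, which look accidental and should be dropped. Neither change is described by the log message "more fixes from 2.6.32.66", so this status change would be better as its own commit.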
Modified: active/CVE-2015-2041
===================================================================
--- active/CVE-2015-2041 2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-2041 2015-05-25 20:38:17 UTC (rev 3799)
@@ -5,7 +5,7 @@
bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
Bugs:
upstream: released (v3.19-rc7) [6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
sid: released (3.16.7-ckt9-1)
3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch]
Modified: active/CVE-2015-2042
===================================================================
--- active/CVE-2015-2042 2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-2042 2015-05-25 20:38:17 UTC (rev 3799)
@@ -5,7 +5,7 @@
bwh> is minimal: leaks 4 bytes of static data on 64-bit architectures.
Bugs:
upstream: released (v3.19) [db27ebb111e9f69efece08e4cb6a34ff980f8896]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
sid: released (3.16.7-ckt9-1)
3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch]
Modified: active/CVE-2015-2922
===================================================================
--- active/CVE-2015-2922 2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-2922 2015-05-25 20:38:17 UTC (rev 3799)
@@ -3,7 +3,7 @@
Notes:
Bugs:
upstream: released (4.0) [6fd99094de2b83d1d4c8457f2c83483b2828e75a]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
sid: released (3.16.7-ckt9-1) [bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch]
3.16-jessie-security: N/A "Fixed before initial release"
3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch]
Modified: active/CVE-2015-3339
===================================================================
--- active/CVE-2015-3339 2015-05-25 20:36:31 UTC (rev 3798)
+++ active/CVE-2015-3339 2015-05-25 20:38:17 UTC (rev 3799)
@@ -3,7 +3,7 @@
Notes:
Bugs:
upstream: released (4.1-rc1) [8b01fc86b9f425899f8a3a8fc1c47d73c2c20543]
-2.6.32-upstream-stable: pending (2.6.32.66)
+2.6.32-upstream-stable: released (2.6.32.66)
sid: released (3.16.7-ckt9-3) [bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch]
3.16-jessie-security: released (3.16.7-ckt9-3~deb8u1) [bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch]
3.2-wheezy-security: released (3.2.68-1+deb7u1) [bugfix/all/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id-.patch]