[kernel-sec-discuss] r4005 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Nov 17 07:42:36 UTC 2015


Author: jmm
Date: 2015-11-17 07:42:36 +0000 (Tue, 17 Nov 2015)
New Revision: 4005

Added:
   retired/CVE-2015-0272
   retired/CVE-2015-2925
   retired/CVE-2015-5257
   retired/CVE-2015-5697
   retired/CVE-2015-7613
Removed:
   active/CVE-2015-0272
   active/CVE-2015-2925
   active/CVE-2015-5257
   active/CVE-2015-5697
   active/CVE-2015-7613
Log:
retire issues which are pending for 2.6.32 LTS and fixed elsewhere
(the 2.6.32.x releases only happen very rarely, avoid clogging up
the list of open issues)


Deleted: active/CVE-2015-0272
===================================================================
--- active/CVE-2015-0272	2015-11-16 22:20:03 UTC (rev 4004)
+++ active/CVE-2015-0272	2015-11-17 07:42:36 UTC (rev 4005)
@@ -1,14 +0,0 @@
-Description: remote DoS using IPv6 RA with bogus MTU
-References:
- - http://article.gmane.org/gmane.linux.network/351269
- - https://bugzilla.redhat.com/show_bug.cgi?id=1192132
-Notes:
-Bugs:
-upstream: released (v4.0-rc3) [77751427a1ff25b27d47a4c36b12c3c8667855ac]
-3.16-upstream-stable: released (3.16.7-ckt18)
-3.2-upstream-stable: released (3.2.72) [ipv6-addrconf-validate-new-mtu-before-applying-it.patch]
-2.6.32-upstream-stable: pending (2.6.32.69)
-sid: released (4.0.2-1)
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/ipv6-addrconf-validate-new-MTU-before-applying-it.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u4) [bugfix/all/ipv6-addrconf-validate-new-MTU-before-applying-it.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze14) [bugfix/all/ipv6-addrconf-validate-new-MTU-before-applying-it.patch]

Deleted: active/CVE-2015-2925
===================================================================
--- active/CVE-2015-2925	2015-11-16 22:20:03 UTC (rev 4004)
+++ active/CVE-2015-2925	2015-11-17 07:42:36 UTC (rev 4005)
@@ -1,25 +0,0 @@
-Description: Escape from sub-tree of bind-mounts
-References:
- http://thread.gmane.org/gmane.linux.kernel.containers/28939/
- https://marc.info/?l=oss-security&m=142805871412239&w=2
-Notes:
- bwh> This is usually dependent on having CAP_SYS_ADMIN in a user namespace
- bwh> (to change mounts), so not exploitable in older kernel versions.
- bwh> However, Eric Biederman says that some systems set up user sessions
- bwh> using chroots that are descendants of the user's home.  This bug
- bwh> allows escaping from such a chroot.
- jmm> Split from CVE-2014-9717:
- jmm> http://www.spinics.net/lists/linux-containers/msg30804.html (16/19)
- jmm> http://www.spinics.net/lists/linux-containers/msg30798.html (17/19)
- jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19)
- jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19)
- bwh> Finally fixed upstream in a somewhat simpler way.
-Bugs:
-upstream: released (4.3-rc1) [cde93be45a8a90d8c264c776fab63487b5038a65, 397d425dc26da728396e66d392d5dcb8dac30c37]
-2.6.32-upstream-stable: pending (2.6.32.69)
-sid: released (4.2.1-1) [bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-f.patch]
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/namei-lift-open-coded-terminate_walk-in-follow_dotdo.patch, bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-f.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u5) [bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-from-their-mnt_root.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze16) [bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-from-their-mnt_root.patch]
-3.16-upstream-stable: released (3.16.7-ckt19) [a75ff8a85153c785ff1ba70ba2a652f6c1f99a5b, 15b1989605d51fb1efb3728ba68e417c4ee02afb]
-3.2-upstream-stable: released (3.2.72) [dcache-handle-escaped-paths-in-prepend_path.patch, vfs-test-for-and-handle-paths-that-are-unreachable-from-their-mnt_root.patch]

Deleted: active/CVE-2015-5257
===================================================================
--- active/CVE-2015-5257	2015-11-16 22:20:03 UTC (rev 4004)
+++ active/CVE-2015-5257	2015-11-17 07:42:36 UTC (rev 4005)
@@ -1,14 +0,0 @@
-Description: NULL pointer dereference in whiteheat probe
-References:
- http://www.openwall.com/lists/oss-security/2015/09/23/1
- https://git.kernel.org/cgit/linux/kernel/git/gregkh/usb.git/commit?id=cbb4be652d374f64661137756b8f357a1827d6a4
-Notes:
-Bugs:
-upstream: released (4.3-rc3) [cbb4be652d374f64661137756b8f357a1827d6a4]
-3.16-upstream-stable: released (3.16.7-ckt19) [73e6391770a65856100661b56bcfa4b37bd0a98e]
-3.2-upstream-stable: released (3.2.72) [usb-whiteheat-fix-potential-null-deref-at-probe.patch]
-2.6.32-upstream-stable: pending (2.6.32.69)
-sid: released (4.2.1-1) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
-3.16-jessie-security: released (3.16.7-ckt11+deb8u5) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u5) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze16) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]

Deleted: active/CVE-2015-5697
===================================================================
--- active/CVE-2015-5697	2015-11-16 22:20:03 UTC (rev 4004)
+++ active/CVE-2015-5697	2015-11-17 07:42:36 UTC (rev 4005)
@@ -1,13 +0,0 @@
-Description: information leak in md driver
-References:
- - http://www.openwall.com/lists/oss-security/2015/07/28/2
-Notes:
-Bugs:
-upstream: released (4.2-rc6) [b6878d9e03043695dbf3fa1caa6dfc09db225b16]
-3.16-upstream-stable: released (3.16.7-ckt17)
-3.2-upstream-stable: released (3.2.72) [md-use-kzalloc-when-bitmap-is-disabled.patch]
-2.6.32-upstream-stable: pending (2.6.32.69)
-sid: released (4.1.3-1) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u3) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u3) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze14) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]

Deleted: active/CVE-2015-7613
===================================================================
--- active/CVE-2015-7613	2015-11-16 22:20:03 UTC (rev 4004)
+++ active/CVE-2015-7613	2015-11-17 07:42:36 UTC (rev 4005)
@@ -1,15 +0,0 @@
-Description: Unauthorized access to IPC objects with SysV shm
-References:
-Notes:
- carnil> Not sure if this was introduced with dbfcd91f06f0e2d5564b2fd184e9c2a43675f9ab ff.
- carnil> and thus wheezy not affected. Needs to be checked.
- bwh> Both squeeze and wheezy have this issue.
-Bugs:
-upstream: released (v4.3-rc4) [b9a532277938798b53178d5a66af6e2915cb27cf]
-3.16-upstream-stable: released (3.16.7-ckt19)
-3.2-upstream-stable: released (3.2.72) [initialize-msg-shm-ipc-objects-before-doing-ipc_addid.patch]
-2.6.32-upstream-stable: pending (2.6.32.69)
-sid: released (4.2.3-1) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addid.patch]
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u5) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addid.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u5) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze16) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch]

Copied: retired/CVE-2015-0272 (from rev 4004, active/CVE-2015-0272)
===================================================================
--- retired/CVE-2015-0272	                        (rev 0)
+++ retired/CVE-2015-0272	2015-11-17 07:42:36 UTC (rev 4005)
@@ -0,0 +1,14 @@
+Description: remote DoS using IPv6 RA with bogus MTU
+References:
+ - http://article.gmane.org/gmane.linux.network/351269
+ - https://bugzilla.redhat.com/show_bug.cgi?id=1192132
+Notes:
+Bugs:
+upstream: released (v4.0-rc3) [77751427a1ff25b27d47a4c36b12c3c8667855ac]
+3.16-upstream-stable: released (3.16.7-ckt18)
+3.2-upstream-stable: released (3.2.72) [ipv6-addrconf-validate-new-mtu-before-applying-it.patch]
+2.6.32-upstream-stable: pending (2.6.32.69)
+sid: released (4.0.2-1)
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/ipv6-addrconf-validate-new-MTU-before-applying-it.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u4) [bugfix/all/ipv6-addrconf-validate-new-MTU-before-applying-it.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze14) [bugfix/all/ipv6-addrconf-validate-new-MTU-before-applying-it.patch]
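
Review bot: The 2.6.32-upstream-stable line still reads "pending (2.6.32.69)" in a file that now lives under retired/, so nothing will prompt anyone to change it to released once 2.6.32.69 is out. Consider a Notes: entry recording that the issue was retired with that branch still pending, or a follow-up commit after the release. The 3.16-upstream-stable and sid lines also carry no commit id or patch name in brackets, unlike the other released entries in this file.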

Copied: retired/CVE-2015-2925 (from rev 4004, active/CVE-2015-2925)
===================================================================
--- retired/CVE-2015-2925	                        (rev 0)
+++ retired/CVE-2015-2925	2015-11-17 07:42:36 UTC (rev 4005)
@@ -0,0 +1,25 @@
+Description: Escape from sub-tree of bind-mounts
+References:
+ http://thread.gmane.org/gmane.linux.kernel.containers/28939/
+ https://marc.info/?l=oss-security&m=142805871412239&w=2
+Notes:
+ bwh> This is usually dependent on having CAP_SYS_ADMIN in a user namespace
+ bwh> (to change mounts), so not exploitable in older kernel versions.
+ bwh> However, Eric Biederman says that some systems set up user sessions
+ bwh> using chroots that are descendants of the user's home.  This bug
+ bwh> allows escaping from such a chroot.
+ jmm> Split from CVE-2014-9717:
+ jmm> http://www.spinics.net/lists/linux-containers/msg30804.html (16/19)
+ jmm> http://www.spinics.net/lists/linux-containers/msg30798.html (17/19)
+ jmm> http://www.spinics.net/lists/linux-containers/msg30797.html (18/19)
+ jmm> http://www.spinics.net/lists/linux-containers/msg30802.html (19/19)
+ bwh> Finally fixed upstream in a somewhat simpler way.
+Bugs:
+upstream: released (4.3-rc1) [cde93be45a8a90d8c264c776fab63487b5038a65, 397d425dc26da728396e66d392d5dcb8dac30c37]
+2.6.32-upstream-stable: pending (2.6.32.69)
+sid: released (4.2.1-1) [bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-f.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u4) [bugfix/all/namei-lift-open-coded-terminate_walk-in-follow_dotdo.patch, bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-f.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u5) [bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-from-their-mnt_root.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze16) [bugfix/all/dcache-handle-escaped-paths-in-prepend_path.patch, bugfix/all/vfs-test-for-and-handle-paths-that-are-unreachable-from-their-mnt_root.patch]
+3.16-upstream-stable: released (3.16.7-ckt19) [a75ff8a85153c785ff1ba70ba2a652f6c1f99a5b, 15b1989605d51fb1efb3728ba68e417c4ee02afb]
+3.2-upstream-stable: released (3.2.72) [dcache-handle-escaped-paths-in-prepend_path.patch, vfs-test-for-and-handle-paths-that-are-unreachable-from-their-mnt_root.patch]
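
Review bot: The patch name differs between branches: the sid and 3.16-jessie-security lines reference "vfs-test-for-and-handle-paths-that-are-unreachable-f.patch", while the wheezy, squeeze and 3.2-upstream-stable lines use the full "...-unreachable-from-their-mnt_root.patch". Please confirm the short form is the real file name in the packaging tree and not a truncated paste. The 3.16-upstream-stable and 3.2-upstream-stable lines also sit at the end, after the distribution lines, whereas the other files in this commit keep them directly under upstream.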

Copied: retired/CVE-2015-5257 (from rev 4004, active/CVE-2015-5257)
===================================================================
--- retired/CVE-2015-5257	                        (rev 0)
+++ retired/CVE-2015-5257	2015-11-17 07:42:36 UTC (rev 4005)
@@ -0,0 +1,14 @@
+Description: NULL pointer dereference in whiteheat probe
+References:
+ http://www.openwall.com/lists/oss-security/2015/09/23/1
+ https://git.kernel.org/cgit/linux/kernel/git/gregkh/usb.git/commit?id=cbb4be652d374f64661137756b8f357a1827d6a4
+Notes:
+Bugs:
+upstream: released (4.3-rc3) [cbb4be652d374f64661137756b8f357a1827d6a4]
+3.16-upstream-stable: released (3.16.7-ckt19) [73e6391770a65856100661b56bcfa4b37bd0a98e]
+3.2-upstream-stable: released (3.2.72) [usb-whiteheat-fix-potential-null-deref-at-probe.patch]
+2.6.32-upstream-stable: pending (2.6.32.69)
+sid: released (4.2.1-1) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
+3.16-jessie-security: released (3.16.7-ckt11+deb8u5) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u5) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze16) [bugfix/all/usb-whiteheat-fix-potential-null-deref-at-probe.patch]
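
Review bot: The 3.16-jessie-security version reads "3.16.7-ckt11+deb8u5" and appears to be missing the "-1" Debian revision; the CVE-2015-7613 file in this same commit gives "3.16.7-ckt11-1+deb8u5" for the same upload. Worth correcting before the file settles in retired/, since version strings here are what people compare against when checking whether a package is fixed.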

Copied: retired/CVE-2015-5697 (from rev 4004, active/CVE-2015-5697)
===================================================================
--- retired/CVE-2015-5697	                        (rev 0)
+++ retired/CVE-2015-5697	2015-11-17 07:42:36 UTC (rev 4005)
@@ -0,0 +1,13 @@
+Description: information leak in md driver
+References:
+ - http://www.openwall.com/lists/oss-security/2015/07/28/2
+Notes:
+Bugs:
+upstream: released (4.2-rc6) [b6878d9e03043695dbf3fa1caa6dfc09db225b16]
+3.16-upstream-stable: released (3.16.7-ckt17)
+3.2-upstream-stable: released (3.2.72) [md-use-kzalloc-when-bitmap-is-disabled.patch]
+2.6.32-upstream-stable: pending (2.6.32.69)
+sid: released (4.1.3-1) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u3) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u3) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze14) [bugfix/all/md-use-kzalloc-when-bitmap-is-disabled.patch]
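
Review bot: The 3.16-upstream-stable line gives only the release (3.16.7-ckt17) with no commit id, although the upstream line right above it records b6878d9e03043695dbf3fa1caa6dfc09db225b16 and every other branch names its patch. Adding the stable commit id would make the backport checkable. The References: entry also uses a " - " bullet prefix, where the CVE-2015-2925 and CVE-2015-5257 files use plain indented URLs; one style across the tracker would be easier to parse.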

Copied: retired/CVE-2015-7613 (from rev 4004, active/CVE-2015-7613)
===================================================================
--- retired/CVE-2015-7613	                        (rev 0)
+++ retired/CVE-2015-7613	2015-11-17 07:42:36 UTC (rev 4005)
@@ -0,0 +1,15 @@
+Description: Unauthorized access to IPC objects with SysV shm
+References:
+Notes:
+ carnil> Not sure if this was introduced with dbfcd91f06f0e2d5564b2fd184e9c2a43675f9ab ff.
+ carnil> and thus wheezy not affected. Needs to be checked.
+ bwh> Both squeeze and wheezy have this issue.
+Bugs:
+upstream: released (v4.3-rc4) [b9a532277938798b53178d5a66af6e2915cb27cf]
+3.16-upstream-stable: released (3.16.7-ckt19)
+3.2-upstream-stable: released (3.2.72) [initialize-msg-shm-ipc-objects-before-doing-ipc_addid.patch]
+2.6.32-upstream-stable: pending (2.6.32.69)
+sid: released (4.2.3-1) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addid.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u5) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addid.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u5) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze16) [bugfix/all/Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch]
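
Review bot: References: is empty in this file, so the only pointer to the issue is the upstream commit id on the upstream line; a link to the advisory or the fix would help anyone reading the retired entry later. The wheezy and squeeze lines also name the patch "...-before-doing-ipc_addi.patch", while sid and jessie use "...-before-doing-ipc_addid.patch"; please confirm the shorter name matches the actual file in those branches.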



