[kernel-sec-discuss] r4814 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Dec 28 20:44:29 UTC 2016 

Author: benh
Date: 2016-12-28 20:44:29 +0000 (Wed, 28 Dec 2016)
New Revision: 4814

Modified:
   active/CVE-2012-6704
   active/CVE-2015-8962
   active/CVE-2015-8963
   active/CVE-2015-8964
   active/CVE-2016-7911
   active/CVE-2016-7915
   active/CVE-2016-8399
   active/CVE-2016-8655
   active/CVE-2016-9555
   active/CVE-2016-9576
   active/CVE-2016-9793
Log:
Mark issues pending for wheezy

Modified: active/CVE-2012-6704
===================================================================
--- active/CVE-2012-6704	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2012-6704	2016-12-28 20:44:29 UTC (rev 4814)
@@ -19,4 +19,4 @@
 3.2-upstream-stable: needed
 sid: released (3.8.11-1)
 3.16-jessie-security: N/A "Fixed before initial 3.16 release"
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/net-cleanups-in-sock_setsockopt.patch]

Modified: active/CVE-2015-8962
===================================================================
--- active/CVE-2015-8962	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2015-8962	2016-12-28 20:44:29 UTC (rev 4814)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: needed
 sid: released (4.4.2-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/sg-fix-double-free-when-drives-detach-during-sg_io.patch]

Modified: active/CVE-2015-8963
===================================================================
--- active/CVE-2015-8963	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2015-8963	2016-12-28 20:44:29 UTC (rev 4814)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: needed
 sid: released (4.4.2-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/perf-fix-race-in-swevent-hash.patch]

Modified: active/CVE-2015-8964
===================================================================
--- active/CVE-2015-8964	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2015-8964	2016-12-28 20:44:29 UTC (rev 4814)
@@ -15,4 +15,4 @@
 3.2-upstream-stable: needed
 sid: released (4.5.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch]

Modified: active/CVE-2016-7911
===================================================================
--- active/CVE-2016-7911	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2016-7911	2016-12-28 20:44:29 UTC (rev 4814)
@@ -8,4 +8,4 @@
 3.2-upstream-stable: needed
 sid: released (4.7.2-1)
 3.16-jessie-security: pending (3.16.36-1+deb8u3) [bugfix/all/block-fix-use-after-free-in-sys_ioprio_get.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/block-fix-use-after-free-in-sys_ioprio_get.patch]

Modified: active/CVE-2016-7915
===================================================================
--- active/CVE-2016-7915	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2016-7915	2016-12-28 20:44:29 UTC (rev 4814)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: needed
 sid: released (4.6.1-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/hid-core-prevent-out-of-bound-readings.patch]

Modified: active/CVE-2016-8399
===================================================================
--- active/CVE-2016-8399	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2016-8399	2016-12-28 20:44:29 UTC (rev 4814)
@@ -1,10 +1,13 @@
 Description: net: ping: check minimum size on ICMP header length
 References:
 Notes:
+ bwh> Access to ping sockets is limited to a range of groups, defaulting
+ bwh> to an empty range.  As Debian's ping still uses raw sockets, we
+ bwh> don't change that default and this is not exploitable.
 Bugs:
 upstream: released (4.9) [0eab121ef8750a5c8637d51534d5e9143fb0633f]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.8.15-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/net-ping-check-minimum-size-on-icmp-header-length.patch]

Modified: active/CVE-2016-8655
===================================================================
--- active/CVE-2016-8655	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2016-8655	2016-12-28 20:44:29 UTC (rev 4814)
@@ -3,10 +3,12 @@
  http://www.openwall.com/lists/oss-security/2016/12/06/1
 Notes:
  carnil> Introduced in 3.2-rc1 with f6fb8f100b807378fda19e83e5ac6828b638603a
+ bwh> But AF_PACKET is only usable with CAP_NET_RAW, so is not so serious a
+ bwh> vulnerability without unprivileged user namespaces enabled.
 Bugs:
 upstream: released (4.9-rc8) [84ac7260236a49c79eede91617700174c2c19b0c]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
 sid: released (4.8.15-1)
-3.16-jessie-security:
-3.2-wheezy-security:
+3.16-jessie-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/packet-fix-race-condition-in-packet_set_ring.patch]

Modified: active/CVE-2016-9555
===================================================================
--- active/CVE-2016-9555	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2016-9555	2016-12-28 20:44:29 UTC (rev 4814)
@@ -7,4 +7,4 @@
 3.2-upstream-stable: needed
 sid: released (4.8.11-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/sctp-validate-chunk-len-before-actually-using-it.patch]

Modified: active/CVE-2016-9576
===================================================================
--- active/CVE-2016-9576	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2016-9576	2016-12-28 20:44:29 UTC (rev 4814)
@@ -16,4 +16,4 @@
 3.2-upstream-stable: needed
 sid: needed
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch]

Modified: active/CVE-2016-9793
===================================================================
--- active/CVE-2016-9793	2016-12-28 17:49:45 UTC (rev 4813)
+++ active/CVE-2016-9793	2016-12-28 20:44:29 UTC (rev 4814)
@@ -10,4 +10,4 @@
 3.2-upstream-stable: needed
 sid: released (4.8.15-1)
 3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.84-1) [bugfix/all/net-avoid-signed-overflows-for-so_-snd-rcv-bufforce.patch]

More information about the kernel-sec-discuss mailing list