[kernel-sec-discuss] r4090 - active retired
Ben Hutchings
benh at moszumanska.debian.org
Thu Jan 14 22:45:53 UTC 2016
Author: benh
Date: 2016-01-14 22:45:53 +0000 (Thu, 14 Jan 2016)
New Revision: 4090
Added:
retired/CVE-2013-7446
retired/CVE-2015-7990
retired/CVE-2015-8550
retired/CVE-2015-8551
retired/CVE-2015-8552
retired/CVE-2015-8569
Removed:
active/CVE-2013-7446
active/CVE-2015-7990
active/CVE-2015-8550
active/CVE-2015-8551
active/CVE-2015-8552
active/CVE-2015-8569
Log:
Retire various issues
All marked ignored, released or N/A for Debian
and ignored, released, pending or N/A for upstream.
Deleted: active/CVE-2013-7446
===================================================================
--- active/CVE-2013-7446 2016-01-14 22:42:22 UTC (rev 4089)
+++ active/CVE-2013-7446 2016-01-14 22:45:53 UTC (rev 4090)
@@ -1,16 +0,0 @@
-Description: Unix sockets use after free - peer_wait_queue prematurely freed
-References:
- - https://bugzilla.redhat.com/show_bug.cgi?id=1282688
- - http://www.openwall.com/lists/oss-security/2015/11/18/9
- - https://patchwork.ozlabs.org/patch/547061/
-Notes:
- bwh> Patch claims this was introduced by commit ec0d215f9420, i.e. Linux 2.6.26
-Bugs:
-upstream: released (4.4-rc4) [7d267278a9ece963d77eefec61630223fce08c6c]
-3.16-upstream-stable: released (3.16.7-ckt22)
-3.2-upstream-stable: released (3.2.75) [unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
-2.6.32-upstream-stable: pending (2.6.32.70)
-sid: released (4.2.6-2) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
-3.2-wheezy-security: released (3.2.73-2+deb7u1) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze17) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
Deleted: active/CVE-2015-7990
===================================================================
--- active/CVE-2015-7990 2016-01-14 22:42:22 UTC (rev 4089)
+++ active/CVE-2015-7990 2016-01-14 22:45:53 UTC (rev 4090)
@@ -1,13 +0,0 @@
-Description: Incomplete fix for CVE-2015-6937
-References:
- https://lkml.org/lkml/2015/10/16/530
-Notes:
-Bugs:
-upstream: released (4.4-rc4) [8c7188b23474cca017b3ef354c4a58456f68303a]
-3.16-upstream-stable: released (3.16.7-ckt22)
-3.2-upstream-stable: released (3.2.75) [rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
-2.6.32-upstream-stable: pending (2.6.32.70)
-sid: released (4.2.6-1) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
-3.16-jessie-security: released (3.16.7-ckt11-1+deb8u6) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
-3.2-wheezy-security: released (3.2.68-1+deb7u6) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
-2.6.32-squeeze-security: released (2.6.32-48squeeze17) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
Deleted: active/CVE-2015-8550
===================================================================
--- active/CVE-2015-8550 2016-01-14 22:42:22 UTC (rev 4089)
+++ active/CVE-2015-8550 2016-01-14 22:45:53 UTC (rev 4090)
@@ -1,12 +0,0 @@
-Description: paravirtualized drivers incautious about shared memory contents
-References: http://xenbits.xen.org/xsa/advisory-155.html
-Notes:
-Bugs:
-upstream: released (4.4-rc6) [454d5d882c7e412b840e3c99010fe81a9862f6fb, 0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357, 68a33bfd8403e4e22847165d149823a2e0e67c9c, 1f13d75ccb806260079e0679d55d9253e370ec8a, 18779149101c0dd43ded43669ae2a92d21b6f9cb, be69746ec12f35b484707da505c6c76ff06f97dc, 8135cf8b092723dbfcc611fe6fdcb3a36c9951c5]
-3.16-upstream-stable: pending (3.16.7-ckt23)
-3.2-upstream-stable: pending (3.2.76) [xen-add-ring_copy_request.patch, xen-netback-don-t-use-last-request-to-determine-minimum-tx-credit.patch, xen-netback-use-ring_copy_request-throughout.patch, xen-blkback-only-read-request-operation-from-shared-ring-once.patch, xen-pciback-save-xen_pci_op-commands-before-processing-it.patch#]
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: released (4.3.3-3) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-scsiback-safely-copy-requests.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
-3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
-2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Deleted: active/CVE-2015-8551
===================================================================
--- active/CVE-2015-8551 2016-01-14 22:42:22 UTC (rev 4089)
+++ active/CVE-2015-8551 2016-01-14 22:45:53 UTC (rev 4090)
@@ -1,12 +0,0 @@
-Description: Linux pciback missing sanity checks leading to crash
-References: http://xenbits.xen.org/xsa/advisory-157.html
-Notes: Same set of fixes as for CVE-2015-8552
-Bugs:
-upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0]
-3.16-upstream-stable: pending (3.16.7-ckt23)
-3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch]
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Deleted: active/CVE-2015-8552
===================================================================
--- active/CVE-2015-8552 2016-01-14 22:42:22 UTC (rev 4089)
+++ active/CVE-2015-8552 2016-01-14 22:45:53 UTC (rev 4090)
@@ -1,12 +0,0 @@
-Description: Linux pciback missing sanity checks leading to crash
-References: http://xenbits.xen.org/xsa/advisory-157.html
-Notes: Same set of fixes as for CVE-2015-8551
-Bugs:
-upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0]
-3.16-upstream-stable: pending (3.16.7-ckt23)
-3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch]
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
-2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Deleted: active/CVE-2015-8569
===================================================================
--- active/CVE-2015-8569 2016-01-14 22:42:22 UTC (rev 4089)
+++ active/CVE-2015-8569 2016-01-14 22:45:53 UTC (rev 4090)
@@ -1,14 +0,0 @@
-Description: information leak from pptp get{sock,peer}name
-References:
- - http://twitter.com/grsecurity/statuses/676744240802750464
- - https://lkml.org/lkml/2015/12/14/252
-Notes:
-Bugs:
-upstream: released (4.4-rc6) [09ccfd238e5a0e670d8178cf50180ea81ae09ae1]
-3.16-upstream-stable: released (3.16.7-ckt22)
-3.2-upstream-stable: released (3.2.75) [pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch]
-2.6.32-upstream-stable: N/A "Vulnerable code not present"
-sid: released (4.3.3-3) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
-3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
-3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
-2.6.32-squeeze-security: N/A "Vulnerable code not present"
Copied: retired/CVE-2013-7446 (from rev 4089, active/CVE-2013-7446)
===================================================================
--- retired/CVE-2013-7446 (rev 0)
+++ retired/CVE-2013-7446 2016-01-14 22:45:53 UTC (rev 4090)
@@ -0,0 +1,16 @@
+Description: Unix sockets use after free - peer_wait_queue prematurely freed
+References:
+ - https://bugzilla.redhat.com/show_bug.cgi?id=1282688
+ - http://www.openwall.com/lists/oss-security/2015/11/18/9
+ - https://patchwork.ozlabs.org/patch/547061/
+Notes:
+ bwh> Patch claims this was introduced by commit ec0d215f9420, i.e. Linux 2.6.26
+Bugs:
+upstream: released (4.4-rc4) [7d267278a9ece963d77eefec61630223fce08c6c]
+3.16-upstream-stable: released (3.16.7-ckt22)
+3.2-upstream-stable: released (3.2.75) [unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
+2.6.32-upstream-stable: pending (2.6.32.70)
+sid: released (4.2.6-2) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u1) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u1) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze17) [bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch]
Copied: retired/CVE-2015-7990 (from rev 4089, active/CVE-2015-7990)
===================================================================
--- retired/CVE-2015-7990 (rev 0)
+++ retired/CVE-2015-7990 2016-01-14 22:45:53 UTC (rev 4090)
@@ -0,0 +1,13 @@
+Description: Incomplete fix for CVE-2015-6937
+References:
+ https://lkml.org/lkml/2015/10/16/530
+Notes:
+Bugs:
+upstream: released (4.4-rc4) [8c7188b23474cca017b3ef354c4a58456f68303a]
+3.16-upstream-stable: released (3.16.7-ckt22)
+3.2-upstream-stable: released (3.2.75) [rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
+2.6.32-upstream-stable: pending (2.6.32.70)
+sid: released (4.2.6-1) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u6) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
+3.2-wheezy-security: released (3.2.68-1+deb7u6) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
+2.6.32-squeeze-security: released (2.6.32-48squeeze17) [bugfix/all/rds-fix-race-condition-when-sending-a-message-on-unbound-socket.patch]
Copied: retired/CVE-2015-8550 (from rev 4089, active/CVE-2015-8550)
===================================================================
--- retired/CVE-2015-8550 (rev 0)
+++ retired/CVE-2015-8550 2016-01-14 22:45:53 UTC (rev 4090)
@@ -0,0 +1,12 @@
+Description: paravirtualized drivers incautious about shared memory contents
+References: http://xenbits.xen.org/xsa/advisory-155.html
+Notes:
+Bugs:
+upstream: released (4.4-rc6) [454d5d882c7e412b840e3c99010fe81a9862f6fb, 0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357, 68a33bfd8403e4e22847165d149823a2e0e67c9c, 1f13d75ccb806260079e0679d55d9253e370ec8a, 18779149101c0dd43ded43669ae2a92d21b6f9cb, be69746ec12f35b484707da505c6c76ff06f97dc, 8135cf8b092723dbfcc611fe6fdcb3a36c9951c5]
+3.16-upstream-stable: pending (3.16.7-ckt23)
+3.2-upstream-stable: pending (3.2.76) [xen-add-ring_copy_request.patch, xen-netback-don-t-use-last-request-to-determine-minimum-tx-credit.patch, xen-netback-use-ring_copy_request-throughout.patch, xen-blkback-only-read-request-operation-from-shared-ring-once.patch, xen-pciback-save-xen_pci_op-commands-before-processing-it.patch#]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.3.3-3) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-scsiback-safely-copy-requests.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-blkback-read-from-indirect-descriptors-only-once.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-add-ring_copy_request.patch, bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch, bugfix/all/xen-netback-use-ring_copy_request-throughout.patch, bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch, bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch]
+2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Copied: retired/CVE-2015-8551 (from rev 4089, active/CVE-2015-8551)
===================================================================
--- retired/CVE-2015-8551 (rev 0)
+++ retired/CVE-2015-8551 2016-01-14 22:45:53 UTC (rev 4090)
@@ -0,0 +1,12 @@
+Description: Linux pciback missing sanity checks leading to crash
+References: http://xenbits.xen.org/xsa/advisory-157.html
+Notes: Same set of fixes as for CVE-2015-8552
+Bugs:
+upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0]
+3.16-upstream-stable: pending (3.16.7-ckt23)
+3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Copied: retired/CVE-2015-8552 (from rev 4089, active/CVE-2015-8552)
===================================================================
--- retired/CVE-2015-8552 (rev 0)
+++ retired/CVE-2015-8552 2016-01-14 22:45:53 UTC (rev 4090)
@@ -0,0 +1,12 @@
+Description: Linux pciback missing sanity checks leading to crash
+References: http://xenbits.xen.org/xsa/advisory-157.html
+Notes: Same set of fixes as for CVE-2015-8551
+Bugs:
+upstream: released (4.4-rc6) [56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d, 5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9, a396f3a210c3a61e94d6b87ec05a75d0be2a60d0, 7cfb905b9638982862f0331b36ccaaca5d383b49, 408fb0e5aa7fda0059db282ff58c3b2a4278baa0]
+3.16-upstream-stable: pending (3.16.7-ckt23)
+3.2-upstream-stable: pending (3.2.76) [xen-pciback-return-error-on-xen_pci_op_enable_msi-when-device-has.patch, xen-pciback-return-error-on-xen_pci_op_enable_msix-when-device-has.patch, xen-pciback-do-not-install-an-irq-handler-for-msi-interrupts.patch, xen-pciback-for-xen_pci_op_disable_msi-only-disable-if-device.patch, xen-pciback-don-t-allow-msi-x-ops-if-pci_command_memory-is-not-set.patch]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.3.3-3) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch, bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch, bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch, bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch, bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch]
+2.6.32-squeeze-security: ignored "Xen not supported in Squeeze LTS"
Copied: retired/CVE-2015-8569 (from rev 4089, active/CVE-2015-8569)
===================================================================
--- retired/CVE-2015-8569 (rev 0)
+++ retired/CVE-2015-8569 2016-01-14 22:45:53 UTC (rev 4090)
@@ -0,0 +1,14 @@
+Description: information leak from pptp get{sock,peer}name
+References:
+ - http://twitter.com/grsecurity/statuses/676744240802750464
+ - https://lkml.org/lkml/2015/12/14/252
+Notes:
+Bugs:
+upstream: released (4.4-rc6) [09ccfd238e5a0e670d8178cf50180ea81ae09ae1]
+3.16-upstream-stable: released (3.16.7-ckt22)
+3.2-upstream-stable: released (3.2.75) [pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch]
+2.6.32-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.3.3-3) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
+3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
+3.2-wheezy-security: released (3.2.73-2+deb7u2) [bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch]
+2.6.32-squeeze-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list