[kernel-sec-discuss] r4103 - active

Ben Hutchings benh at moszumanska.debian.org
Tue Jan 19 15:56:16 UTC 2016


Author: benh
Date: 2016-01-19 15:56:16 +0000 (Tue, 19 Jan 2016)
New Revision: 4103

Added:
   active/CVE-2015-2877
   active/CVE-2015-6526
Log:
Add CVE-2015-2877 and CVE-2015-6526 from some months back

Added: active/CVE-2015-2877
===================================================================
--- active/CVE-2015-2877	                        (rev 0)
+++ active/CVE-2015-2877	2016-01-19 15:56:16 UTC (rev 4103)
@@ -0,0 +1,14 @@
+Description: Cross-VM ASL INtrospection (CAIN)
+References:
+ https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
+Notes:
+ bwh> Depends on KSM, which needs to be explicitly enabled at run-time
+Bugs:
+upstream: needed
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
+2.6.32-upstream-stable: ignored "nearly EOL, no fix in sight"
+sid: needed
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: ignored "KVM not supported in Squeeze LTS"
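
Review bot: The Notes line records the KSM dependency, but nothing explains why upstream and every supported branch are marked "needed" while 2.6.32-upstream-stable says "no fix in sight". If no upstream fix exists yet, say so in Notes so that readers do not expect a pending backport. It would also help to state there that, per the bwh note, only hosts where KSM has been enabled at run-time are exposed. The Bugs: field is empty; please confirm that no Debian bug has been filed for this.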

Added: active/CVE-2015-6526
===================================================================
--- active/CVE-2015-6526	                        (rev 0)
+++ active/CVE-2015-6526	2016-01-19 15:56:16 UTC (rev 4103)
@@ -0,0 +1,13 @@
+Description: User thread can get powerpc perf_callchain_user_64 function into infinite loop
+References:
+ http://www.openwall.com/lists/oss-security/2015/08/18/4
+Notes:
+Bugs:
+upstream: released (4.1-rc1) [9a5cbce421a283e6aea3c4007f141735bf9da8c3]
+3.16-upstream-stable: released (3.16.7-ckt11)
+3.2-upstream-stable: released (3.2.70)
+2.6.32-upstream-stable: needed
+sid: released (4.1.3-1)
+3.16-jessie-security: released (3.16.7-ckt11-1+deb8u1)
+3.2-wheezy-security: released (3.2.73-2+deb7u1)
+2.6.32-squeeze-security: ignored "powerpc not supported in Squeeze LTS"
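
Review bot: 2.6.32-upstream-stable is left as "needed" while Notes: is empty, so nothing records whether perf_callchain_user_64 exists in that branch or whether the upstream commit listed on the "upstream:" line can be backported to it. Add a Notes line covering that. The stable and security entries give only release versions, so consider also noting which of them carry that same commit. The Description says a user thread can cause the infinite loop; a short note on whether this needs perf access would help triage.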



