[kernel-sec-discuss] r5227 - active
Ben Hutchings
benh at moszumanska.debian.org
Thu Apr 27 00:04:02 UTC 2017
Author: benh
Date: 2017-04-27 00:04:02 +0000 (Thu, 27 Apr 2017)
New Revision: 5227
Modified:
active/CVE-2016-10200
active/CVE-2016-2188
active/CVE-2016-9604
active/CVE-2017-2647
active/CVE-2017-2671
active/CVE-2017-5967
active/CVE-2017-5970
active/CVE-2017-6951
active/CVE-2017-7184
active/CVE-2017-7261
active/CVE-2017-7273
active/CVE-2017-7294
active/CVE-2017-7308
active/CVE-2017-7472
active/CVE-2017-7616
active/CVE-2017-7618
active/CVE-2017-8106
Log:
Mark CVE-2017-8106 as N/A for 3.2 branches
Modified: active/CVE-2016-10200
===================================================================
--- active/CVE-2016-10200 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2016-10200 2017-04-27 00:04:02 UTC (rev 5227)
@@ -8,4 +8,4 @@
3.2-upstream-stable: released (3.2.88) [2147a17048314f069838aace1d08b8c719448b50]
sid: released (4.8.15-1)
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]
-3.2-wheezy-security: pending (3.2.86-2) [bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch]
+3.2-wheezy-security: pending (3.2.88-1)
Modified: active/CVE-2016-2188
===================================================================
--- active/CVE-2016-2188 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2016-2188 2017-04-27 00:04:02 UTC (rev 5227)
@@ -20,4 +20,4 @@
3.2-upstream-stable: needed
sid: released (4.9.16-1)
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/usb-iowarrior-fix-null-deref-at-probe.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/usb-iowarrior-fix-null-deref-at-probe.patch]
Modified: active/CVE-2016-9604
===================================================================
--- active/CVE-2016-9604 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2016-9604 2017-04-27 00:04:02 UTC (rev 5227)
@@ -12,4 +12,4 @@
3.2-upstream-stable: needed
sid: pending (4.9.24-1) [bugfix/all/keys-disallow-keyrings-beginning-with-.-to-be-joined.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/keys-disallow-keyrings-beginning-with-.-to-be-joined.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/keys-disallow-keyrings-beginning-with-.-to-be-joined.patch]
Modified: active/CVE-2017-2647
===================================================================
--- active/CVE-2017-2647 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-2647 2017-04-27 00:04:02 UTC (rev 5227)
@@ -17,4 +17,4 @@
3.2-upstream-stable: released (3.2.88) [e2b41f761b086da2ec43b1cfea14ca0681cd08b0]
sid: released (4.0.2-1)
3.16-jessie-security: pending (3.16.43-1)
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1)
Modified: active/CVE-2017-2671
===================================================================
--- active/CVE-2017-2671 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-2671 2017-04-27 00:04:02 UTC (rev 5227)
@@ -11,4 +11,4 @@
3.2-upstream-stable: needed
sid: pending (4.9.24-1) [bugfix/all/ping-implement-proper-locking.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/ping-implement-proper-locking.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/ping-implement-proper-locking.patch]
Modified: active/CVE-2017-5967
===================================================================
--- active/CVE-2017-5967 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-5967 2017-04-27 00:04:02 UTC (rev 5227)
@@ -14,4 +14,4 @@
3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting"
sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
-3.2-wheezy-security: pending (3.2.86-2) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
Modified: active/CVE-2017-5970
===================================================================
--- active/CVE-2017-5970 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-5970 2017-04-27 00:04:02 UTC (rev 5227)
@@ -12,4 +12,4 @@
3.2-upstream-stable: released (3.2.88) [ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
sid: released (4.9.10-1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch]
3.16-jessie-security: released (3.16.39-1+deb8u1) [bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1)
Modified: active/CVE-2017-6951
===================================================================
--- active/CVE-2017-6951 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-6951 2017-04-27 00:04:02 UTC (rev 5227)
@@ -18,4 +18,4 @@
3.2-upstream-stable: released (3.2.88) [e2b41f761b086da2ec43b1cfea14ca0681cd08b0]
sid: released (4.0.2-1)
3.16-jessie-security: pending (3.16.43-1)
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1)
Modified: active/CVE-2017-7184
===================================================================
--- active/CVE-2017-7184 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7184 2017-04-27 00:04:02 UTC (rev 5227)
@@ -12,4 +12,4 @@
3.2-upstream-stable: needed
sid: released (4.9.18-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/xfrm_user-validate-xfrm_msg_newae-xfrma_replay_esn_val-replay_window.patch, bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch]
Modified: active/CVE-2017-7261
===================================================================
--- active/CVE-2017-7261 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7261 2017-04-27 00:04:02 UTC (rev 5227)
@@ -16,4 +16,4 @@
3.2-upstream-stable: needed
sid: released (4.9.18-1) [bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch]
Modified: active/CVE-2017-7273
===================================================================
--- active/CVE-2017-7273 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7273 2017-04-27 00:04:02 UTC (rev 5227)
@@ -8,4 +8,4 @@
3.2-upstream-stable: released (3.2.87) [4faec4a2ef5dd481682cc155cb9ea14ba2534b76]
sid: released (4.9.6-1)
3.16-jessie-security: pending (3.16.43-1)
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1)
Modified: active/CVE-2017-7294
===================================================================
--- active/CVE-2017-7294 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7294 2017-04-27 00:04:02 UTC (rev 5227)
@@ -10,4 +10,4 @@
3.2-upstream-stable: needed
sid: released (4.9.18-1) [bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch]
Modified: active/CVE-2017-7308
===================================================================
--- active/CVE-2017-7308 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7308 2017-04-27 00:04:02 UTC (rev 5227)
@@ -15,4 +15,4 @@
3.2-upstream-stable: needed
sid: released (4.9.18-1) [bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch, bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch]
Modified: active/CVE-2017-7472
===================================================================
--- active/CVE-2017-7472 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7472 2017-04-27 00:04:02 UTC (rev 5227)
@@ -13,4 +13,4 @@
3.2-upstream-stable: needed
sid: pending (4.9.24-1) [bugfix/all/keys-fix-keyctl_set_reqkey_keyring-to-not-leak-threa.patch]
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/keys-fix-keyctl_set_reqkey_keyring-to-not-leak-threa.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/keys-fix-keyctl_set_reqkey_keyring-to-not-leak-threa.patch]
Modified: active/CVE-2017-7616
===================================================================
--- active/CVE-2017-7616 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7616 2017-04-27 00:04:02 UTC (rev 5227)
@@ -9,4 +9,4 @@
3.2-upstream-stable: needed
sid: pending (4.9.24-1)
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/mm-mempolicy.c-fix-error-handling-in-set_mempolicy-a.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/mm-mempolicy.c-fix-error-handling-in-set_mempolicy-a.patch]
Modified: active/CVE-2017-7618
===================================================================
--- active/CVE-2017-7618 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-7618 2017-04-27 00:04:02 UTC (rev 5227)
@@ -3,6 +3,8 @@
http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git/commit/?id=ef0579b64e93188710d48667cb5e014926af9f1b
Notes:
+ bwh> This depends on several earlier fixes to crypto/ahash.c, applied
+ bwh> between 3.2 and 3.16.
Bugs:
upstream: released (4.11-rc8) [ef0579b64e93188710d48667cb5e014926af9f1b]
4.9-upstream-stable: released (4.9.24) [c10479591869177ae7ac0570b54ace6fbdeb57c2]
@@ -10,4 +12,4 @@
3.2-upstream-stable: needed
sid: pending (4.9.24-1)
3.16-jessie-security: pending (3.16.43-1) [bugfix/all/crypto-ahash-fix-einprogress-notification-callback.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.88-1) [bugfix/all/crypto-ahash-fix-einprogress-notification-callback.patch]
Modified: active/CVE-2017-8106
===================================================================
--- active/CVE-2017-8106 2017-04-26 21:33:09 UTC (rev 5226)
+++ active/CVE-2017-8106 2017-04-27 00:04:02 UTC (rev 5227)
@@ -5,13 +5,15 @@
carnil> for linux-3.2.y commit 02a988e6e4511b1f6d83525710a12db9c5a45149 (3.2.64)
carnil> backports bfd0a56b90005f8c8a004baf407ad90045c2b11e but is quite
carnil> reduced.
+ bwh> The backport to 3.2 was a *non*-implementation of INVEPT that doesn't
+ bwh> have this issue.
Bugs:
https://bugzilla.kernel.org/show_bug.cgi?id=195167
https://launchpad.net/bugs/1678676
upstream: released (3.16-rc4) [4b855078601fc422dbac3059f2215e776f49780f]
4.9-upstream-stable: N/A "Fixed before branch point"
3.16-upstream-stable: N/A "Fixed before branch point"
-3.2-upstream-stable:
+3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (3.16.2-1)
3.16-jessie-security: N/A "Vulnerable code not present"
-3.2-wheezy-security:
+3.2-wheezy-security: N/A "Vulnerable code not present"
More information about the kernel-sec-discuss
mailing list