[kernel-sec-discuss] r5487 - active
Ben Hutchings
benh at moszumanska.debian.org
Fri Aug 18 00:01:04 UTC 2017
Author: benh
Date: 2017-08-18 00:00:57 +0000 (Fri, 18 Aug 2017)
New Revision: 5487
Modified:
active/CVE-2017-1000111
active/CVE-2017-1000112
active/CVE-2017-10661
active/CVE-2017-11600
Log:
Mark issues pending for wheezy, jessie and stretch
Modified: active/CVE-2017-1000111
===================================================================
--- active/CVE-2017-1000111 2017-08-17 21:46:13 UTC (rev 5486)
+++ active/CVE-2017-1000111 2017-08-18 00:00:57 UTC (rev 5487)
@@ -8,6 +8,6 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.12.6-1) [bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch]
-4.9-stretch-security: needed
-3.16-jessie-security: needed
-3.2-wheezy-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch]
+3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch]
+3.2-wheezy-security: pending (3.2.91-1) [bugfix/all/packet-fix-tp_reserve-race-in-packet_set_ring.patch]
Modified: active/CVE-2017-1000112
===================================================================
--- active/CVE-2017-1000112 2017-08-17 21:46:13 UTC (rev 5486)
+++ active/CVE-2017-1000112 2017-08-18 00:00:57 UTC (rev 5487)
@@ -3,12 +3,16 @@
http://www.openwall.com/lists/oss-security/2017/08/10/5
Notes:
carnil> Introduced in e89e9cf539a28df7d0eb1d0a545368e9920b34ac
+ bwh> Exploitation is possible by unprivileged users after commit 40ba330227ad
+ bwh> "udp: disallow UFO for sockets with SO_NO_CHECK option", or with
+ bwh> CAP_NET_ADMIN (in any namespace). This is low severity for 3.2 and also
+ bwh> will be hard to fix there without revisiting CVE-2013-4470.
Bugs:
upstream: released (4.13-rc5) [85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa]
4.9-upstream-stable: released (4.9.43) [33dc6a6a85f1d6ce71e7056d009b8a5fcbf10f70]
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.12.6-1) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
-4.9-stretch-security: needed
-3.16-jessie-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
+3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
3.2-wheezy-security: needed
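Review bot: the added bwh> note cites the commit by the abbreviated id 40ba330227ad, while the carnil> line just above it gives a full hash, and the note does not say which of the tracked branches contain that commit, so a reader of this file cannot tell where exploitation by unprivileged users applies and where CAP_NET_ADMIN is required. Suggest giving the full hash and naming the affected branches. Separately, the log message says issues are marked pending for wheezy, jessie and stretch, but 3.2-wheezy-security stays at "needed" here; the note explains why (low severity for 3.2, hard to fix without revisiting CVE-2013-4470), so it would help to say on the status line or in the log message that wheezy is deliberately left open for this CVE.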
Modified: active/CVE-2017-10661
===================================================================
--- active/CVE-2017-10661 2017-08-17 21:46:13 UTC (rev 5486)
+++ active/CVE-2017-10661 2017-08-18 00:00:57 UTC (rev 5487)
@@ -11,5 +11,5 @@
3.2-upstream-stable: needed
sid: released (4.9.30-1)
4.9-stretch-security: N/A "Fixed before initial release of stretch"
-3.16-jessie-security: needed
-3.2-wheezy-security: needed
+3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/timerfd-protect-the-might-cancel-mechanism-proper.patch]
+3.2-wheezy-security: pending (3.2.91-1) [bugfix/all/timerfd-protect-the-might-cancel-mechanism-proper.patch]
Modified: active/CVE-2017-11600
===================================================================
--- active/CVE-2017-11600 2017-08-17 21:46:13 UTC (rev 5486)
+++ active/CVE-2017-11600 2017-08-18 00:00:57 UTC (rev 5487)
@@ -13,6 +13,6 @@
3.16-upstream-stable: needed
3.2-upstream-stable: needed
sid: released (4.12.6-1) [bugfix/all/xfrm-policy-check-policy-direction-value.patch]
-4.9-stretch-security: needed
-3.16-jessie-security: needed
-3.2-wheezy-security: needed
+4.9-stretch-security: pending (4.9.30-2+deb9u4) [bugfix/all/xfrm-policy-check-policy-direction-value.patch]
+3.16-jessie-security: pending (3.16.43-2+deb8u4) [bugfix/all/xfrm-policy-check-policy-direction-value.patch]
+3.2-wheezy-security: pending (3.2.91-1) [bugfix/all/xfrm-policy-check-policy-direction-value.patch]