[kernel-sec-discuss] r5817 - dsa-texts
Ben Hutchings
benh at moszumanska.debian.org
Fri Dec 22 22:40:45 UTC 2017
Author: benh
Date: 2017-12-22 22:40:44 +0000 (Fri, 22 Dec 2017)
New Revision: 5817
Modified:
dsa-texts/4.9.65-3+deb9u1
Log:
Paste issue descriptions from DLA-1200-1
Modified: dsa-texts/4.9.65-3+deb9u1
===================================================================
--- dsa-texts/4.9.65-3+deb9u1 2017-12-22 22:37:54 UTC (rev 5816)
+++ dsa-texts/4.9.65-3+deb9u1 2017-12-22 22:40:44 UTC (rev 5817)
@@ -10,6 +10,15 @@
CVE-2017-8824
+ Mohamed Ghannam discovered that the DCCP implementation did not
+ correctly manage resources when a socket is disconnected and
+ reconnected, potentially leading to a use-after-free. A local
+ user could use this for denial of service (crash or data
+ corruption) or possibly for privilege escalation. On systems that
+ do not already have the dccp module loaded, this can be mitigated
+ by disabling it:
+ echo >> /etc/modprobe.d/disable-dccp.conf install dccp false
+
CVE-2017-16538
CVE-2017-16644
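Review bot: In the CVE-2017-8824 mitigation line, the redirection sits between echo and its arguments (echo >> /etc/modprobe.d/disable-dccp.conf install dccp false). The shell accepts that form, but in an advisory it is easy to misread or to copy incompletely. Suggest writing it as: echo 'install dccp false' >> /etc/modprobe.d/disable-dccp.conf. The same paragraph limits the mitigation to systems that do not already have the dccp module loaded and says nothing about systems where it is loaded. One sentence telling those users what to do instead would close that gap.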
@@ -36,6 +45,11 @@
CVE-2017-1000407
+ Andrew Honig reported that the KVM implementation for Intel
+ processors allowed direct access to host I/O port 0x80, which
+ is not generally safe. On some systems this allows a guest
+ VM to cause a denial of service (crash) of the host.
+
CVE-2017-1000410
For the stable distribution (stretch), these problems have been fixed
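Review bot: In the CVE-2017-1000407 paragraph, "which is not generally safe" can be read either as "usually unsafe" or as "not safe in every case". Suggest rewording so the intended meaning is unambiguous. "On some systems" likewise gives the reader no way to tell whether a host is affected, and unlike the CVE-2017-8824 entry there is no mitigation, so it is worth stating that upgrading is the fix. The log message says these descriptions were pasted from DLA-1200-1, while this file is the text for 4.9.65-3+deb9u1 (stretch); please confirm the wording applies unchanged to this kernel version.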