[kernel-sec-discuss] r4976 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Feb 22 02:50:25 UTC 2017


Author: benh
Date: 2017-02-22 02:50:25 +0000 (Wed, 22 Feb 2017)
New Revision: 4976

Modified:
   active/CVE-2017-5986
Log:
Update status of CVE-2017-5986 following review of the fix


Modified: active/CVE-2017-5986
===================================================================
--- active/CVE-2017-5986	2017-02-21 21:41:07 UTC (rev 4975)
+++ active/CVE-2017-5986	2017-02-22 02:50:25 UTC (rev 4976)
@@ -1,12 +1,14 @@
 Description: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()
 References:
 Notes:
- Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f
+ carnil> Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f
+ bwh> Upstream fix actually makes things worse; see
+ bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2
 Bugs:
 upstream: released (4.10-rc8) [2dcab598484185dea7ec22219c76dcdd59e3cb90]
 4.9-upstream-stable: released (4.9.11) [00eff2ebbd229758e90659907724c14dd5a18339]
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: released (4.9.10-1) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
-3.16-jessie-security: pending (3.16.39-1+deb8u1) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
-3.2-wheezy-security: pending (3.2.84-1+deb7u1) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
+3.16-jessie-security: needed
+3.2-wheezy-security: needed
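Review bot: The sid line still reads released (4.9.10-1) with bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch, the same patch whose pending status this hunk withdraws for 3.16-jessie-security and 3.2-wheezy-security. The file therefore presents sid as fixed while the new bwh> note says the upstream fix makes things worse. Suggest adding a line under Notes: stating whether sid and the upstream and 4.9-upstream-stable entries need a follow-up fix or a revert. A one-line summary of the problem next to the marc.info link would also keep the reasoning in the tracker if the link stops resolving.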



