[kernel-sec-discuss] r5086 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Mar 16 08:20:16 UTC 2017


Author: carnil
Date: 2017-03-16 08:20:15 +0000 (Thu, 16 Mar 2017)
New Revision: 5086

Added:
   retired/CVE-2017-5669
   retired/CVE-2017-5986
   retired/CVE-2017-6345
   retired/CVE-2017-6346
   retired/CVE-2017-6348
Removed:
   active/CVE-2017-5669
   active/CVE-2017-5986
   active/CVE-2017-6345
   active/CVE-2017-6346
   active/CVE-2017-6348
Log:
Retire CVEs fixed everywhere needed

Deleted: active/CVE-2017-5669
===================================================================
--- active/CVE-2017-5669	2017-03-16 08:18:38 UTC (rev 5085)
+++ active/CVE-2017-5669	2017-03-16 08:20:15 UTC (rev 5086)
@@ -1,14 +0,0 @@
-Description: ipc/shm: Fix shmat mmap nil-page protection
-References:
-Notes:
- carnil> Fix in linux-next: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=e1d35d4dc7f089e6c9c080d556feedf9c706f0c7
- bwh> Confirmed this affects 3.2 with a simple test program
-Bugs:
- https://bugzilla.kernel.org/show_bug.cgi?id=192931
-upstream: released (4.11-rc1) [95e91b831f87ac8e1f8ed50c14d709089b4e01b8]
-4.9-upstream-stable: released (4.9.14) [270e84a1e6effd6c0c6e9b13b196b5fdaa392954]
-3.16-upstream-stable: released (3.16.42) [ipc-shm-fix-shmat-mmap-nil-page-protection.patch]
-3.2-upstream-stable: released (3.2.87) [ipc-shm-fix-shmat-mmap-nil-page-protection.patch]
-sid: released (4.9.13-1) [bugfix/all/ipc-shm-fix-shmat-mmap-nil-page-protection.patch]
-3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/ipc-shm-Fix-shmat-mmap-nil-page-protection.patch]
-3.2-wheezy-security: released (3.2.86-1) [bugfix/all/ipc-shm-fix-shmat-mmap-nil-page-protection.patch]

Deleted: active/CVE-2017-5986
===================================================================
--- active/CVE-2017-5986	2017-03-16 08:18:38 UTC (rev 5085)
+++ active/CVE-2017-5986	2017-03-16 08:20:15 UTC (rev 5086)
@@ -1,15 +0,0 @@
-Description: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()
-References:
-Notes:
- carnil> Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f
- bwh> Upstream fix actually makes things worse; see
- bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2 and CVE-2017-6353
-Bugs:
-upstream: released (4.10-rc8) [2dcab598484185dea7ec22219c76dcdd59e3cb90]
-4.9-upstream-stable: released (4.9.11) [00eff2ebbd229758e90659907724c14dd5a18339]
-3.16-upstream-stable: released (3.16.42) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
-3.2-upstream-stable: released (3.2.87) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
-sid: released (4.9.10-1) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
-3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
-3.2-wheezy-security: released (3.2.86-1) [bugfix/all/sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
-

Deleted: active/CVE-2017-6345
===================================================================
--- active/CVE-2017-6345	2017-03-16 08:18:38 UTC (rev 5085)
+++ active/CVE-2017-6345	2017-03-16 08:20:15 UTC (rev 5086)
@@ -1,16 +0,0 @@
-Description: net/llc: avoid BUG_ON() in skb_orphan()
-References:
-Notes:
-Bugs:
- bwh> The upstream commit refers to an added assertion in 3.12, but the
- bwh> purpose of that assertion was to catch potential UAF cases so I
- bwh> assume this bug could result in a UAF in 3.2.  Note that this bug
- bwh> is in the obscure llc2 module, not the basic llc support used by
- bwh> some other protocols.
-upstream: released (4.10) [8b74d439e1697110c5e5c600643e823eb1dd0762]
-4.9-upstream-stable: released (4.9.13) [42b52783a59cc706c71cdc7096edce4a6f086fd3]
-3.16-upstream-stable: released (3.16.42) [net-llc-avoid-bug_on-in-skb_orphan.patch]
-3.2-upstream-stable: released (3.2.87) [net-llc-avoid-bug_on-in-skb_orphan.patch]
-sid: released (4.9.13-1)
-3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/net-llc-avoid-BUG_ON-in-skb_orphan.patch]
-3.2-wheezy-security: released (3.2.86-1) [bugfix/all/net-llc-avoid-bug_on-in-skb_orphan.patch]

Deleted: active/CVE-2017-6346
===================================================================
--- active/CVE-2017-6346	2017-03-16 08:18:38 UTC (rev 5085)
+++ active/CVE-2017-6346	2017-03-16 08:20:15 UTC (rev 5086)
@@ -1,13 +0,0 @@
-Description: packet: fix races in fanout_add()
-References:
-Notes:
- bwh> The races can clearly lead to a UAF since 4.2.  The impact may be
- bwh> less severe in earlier versions but still needs to be fixed.
-Bugs:
-upstream: released (4.10) [d199fab63c11998a602205f7ee7ff7c05c97164b]
-4.9-upstream-stable: released (4.9.13) [722737f27774b14be5a1d2d3b9281dcded7c48b2]
-3.16-upstream-stable: released (3.16.42) [packet-fix-races-in-fanout_add.patch]
-3.2-upstream-stable: released (3.2.87) [packet-fix-races-in-fanout_add.patch]
-sid: released (4.9.13-1)
-3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/packet-fix-races-in-fanout_add.patch]
-3.2-wheezy-security: released (3.2.86-1) [bugfix/all/packet-fix-races-in-fanout_add.patch]

Deleted: active/CVE-2017-6348
===================================================================
--- active/CVE-2017-6348	2017-03-16 08:18:38 UTC (rev 5085)
+++ active/CVE-2017-6348	2017-03-16 08:20:15 UTC (rev 5086)
@@ -1,13 +0,0 @@
-Description: irda: Fix lockdep annotations in hashbin_delete()
-References:
-Notes:
- bwh> This actually changes locking, not just lockdep annotations.
- bwh> So I think it fixes a potential deadlock.
-Bugs:
-upstream: released (4.10) [4c03b862b12f980456f9de92db6d508a4999b788]
-4.9-upstream-stable: released (4.9.13) [c2219da51664451149350e47321aa0fcf72a8b8f]
-3.16-upstream-stable: released (3.16.42) [irda-fix-lockdep-annotations-in-hashbin_delete.patch]
-3.2-upstream-stable: released (3.2.87) [irda-fix-lockdep-annotations-in-hashbin_delete.patch]
-sid: released (4.9.13-1)
-3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch]
-3.2-wheezy-security: released (3.2.86-1) [bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch]

Copied: retired/CVE-2017-5669 (from rev 5085, active/CVE-2017-5669)
===================================================================
--- retired/CVE-2017-5669	                        (rev 0)
+++ retired/CVE-2017-5669	2017-03-16 08:20:15 UTC (rev 5086)
@@ -0,0 +1,14 @@
+Description: ipc/shm: Fix shmat mmap nil-page protection
+References:
+Notes:
+ carnil> Fix in linux-next: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=e1d35d4dc7f089e6c9c080d556feedf9c706f0c7
+ bwh> Confirmed this affects 3.2 with a simple test program
+Bugs:
+ https://bugzilla.kernel.org/show_bug.cgi?id=192931
+upstream: released (4.11-rc1) [95e91b831f87ac8e1f8ed50c14d709089b4e01b8]
+4.9-upstream-stable: released (4.9.14) [270e84a1e6effd6c0c6e9b13b196b5fdaa392954]
+3.16-upstream-stable: released (3.16.42) [ipc-shm-fix-shmat-mmap-nil-page-protection.patch]
+3.2-upstream-stable: released (3.2.87) [ipc-shm-fix-shmat-mmap-nil-page-protection.patch]
+sid: released (4.9.13-1) [bugfix/all/ipc-shm-fix-shmat-mmap-nil-page-protection.patch]
+3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/ipc-shm-Fix-shmat-mmap-nil-page-protection.patch]
+3.2-wheezy-security: released (3.2.86-1) [bugfix/all/ipc-shm-fix-shmat-mmap-nil-page-protection.patch]
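
Review bot: the Notes line in this hunk still links the linux-next commit e1d35d4dc7f089e6c9c080d556feedf9c706f0c7, while the "upstream:" line records the fix as 95e91b831f87ac8e1f8ed50c14d709089b4e01b8. Since the retired file is the long-term record, consider replacing the linux-next link with the mainline commit or dropping it. Also, the jessie patch name is spelled "ipc-shm-Fix-shmat-..." with a capital F where every other branch uses lowercase; worth confirming that matches the file actually shipped.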

Copied: retired/CVE-2017-5986 (from rev 5085, active/CVE-2017-5986)
===================================================================
--- retired/CVE-2017-5986	                        (rev 0)
+++ retired/CVE-2017-5986	2017-03-16 08:20:15 UTC (rev 5086)
@@ -0,0 +1,15 @@
+Description: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()
+References:
+Notes:
+ carnil> Introduced in 2.6.17-rc5 with 61c9fed41638249f8b6ca5345064eb1beb50179f
+ bwh> Upstream fix actually makes things worse; see
+ bwh> https://marc.info/?l=linux-sctp&m=148770688203103&w=2 and CVE-2017-6353
+Bugs:
+upstream: released (4.10-rc8) [2dcab598484185dea7ec22219c76dcdd59e3cb90]
+4.9-upstream-stable: released (4.9.11) [00eff2ebbd229758e90659907724c14dd5a18339]
+3.16-upstream-stable: released (3.16.42) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
+3.2-upstream-stable: released (3.2.87) [sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
+sid: released (4.9.10-1) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
+3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch]
+3.2-wheezy-security: released (3.2.86-1) [bugfix/all/sctp-avoid-bug_on-on-sctp_wait_for_sndbuf.patch]
+
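
Review bot: the Notes in this hunk say the upstream fix "actually makes things worse" and point to CVE-2017-6353, yet the entry moves to retired/ with every branch marked released. Before retiring, confirm that CVE-2017-6353 has its own entry covering the same branches (3.2, 3.16, 4.9, sid), and consider adding a Notes line saying the follow-up is tracked there so the retired file does not read as fully resolved. The file also ends with an empty line (the lone "+" closing the hunk), which the other four entries do not have.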

Copied: retired/CVE-2017-6345 (from rev 5085, active/CVE-2017-6345)
===================================================================
--- retired/CVE-2017-6345	                        (rev 0)
+++ retired/CVE-2017-6345	2017-03-16 08:20:15 UTC (rev 5086)
@@ -0,0 +1,16 @@
+Description: net/llc: avoid BUG_ON() in skb_orphan()
+References:
+Notes:
+Bugs:
+ bwh> The upstream commit refers to an added assertion in 3.12, but the
+ bwh> purpose of that assertion was to catch potential UAF cases so I
+ bwh> assume this bug could result in a UAF in 3.2.  Note that this bug
+ bwh> is in the obscure llc2 module, not the basic llc support used by
+ bwh> some other protocols.
+upstream: released (4.10) [8b74d439e1697110c5e5c600643e823eb1dd0762]
+4.9-upstream-stable: released (4.9.13) [42b52783a59cc706c71cdc7096edce4a6f086fd3]
+3.16-upstream-stable: released (3.16.42) [net-llc-avoid-bug_on-in-skb_orphan.patch]
+3.2-upstream-stable: released (3.2.87) [net-llc-avoid-bug_on-in-skb_orphan.patch]
+sid: released (4.9.13-1)
+3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/net-llc-avoid-BUG_ON-in-skb_orphan.patch]
+3.2-wheezy-security: released (3.2.86-1) [bugfix/all/net-llc-avoid-bug_on-in-skb_orphan.patch]
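
Review bot: the five "bwh>" lines sit under "Bugs:" and "Notes:" is left empty; in the other entries of this commit the reviewer remarks are under "Notes:" and "Bugs:" holds only bug URLs (see CVE-2017-5669). Suggest moving the comment up under "Notes:" before retiring, so anything reading the "Bugs:" field does not pick up free text.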

Copied: retired/CVE-2017-6346 (from rev 5085, active/CVE-2017-6346)
===================================================================
--- retired/CVE-2017-6346	                        (rev 0)
+++ retired/CVE-2017-6346	2017-03-16 08:20:15 UTC (rev 5086)
@@ -0,0 +1,13 @@
+Description: packet: fix races in fanout_add()
+References:
+Notes:
+ bwh> The races can clearly lead to a UAF since 4.2.  The impact may be
+ bwh> less severe in earlier versions but still needs to be fixed.
+Bugs:
+upstream: released (4.10) [d199fab63c11998a602205f7ee7ff7c05c97164b]
+4.9-upstream-stable: released (4.9.13) [722737f27774b14be5a1d2d3b9281dcded7c48b2]
+3.16-upstream-stable: released (3.16.42) [packet-fix-races-in-fanout_add.patch]
+3.2-upstream-stable: released (3.2.87) [packet-fix-races-in-fanout_add.patch]
+sid: released (4.9.13-1)
+3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/packet-fix-races-in-fanout_add.patch]
+3.2-wheezy-security: released (3.2.86-1) [bugfix/all/packet-fix-races-in-fanout_add.patch]

Copied: retired/CVE-2017-6348 (from rev 5085, active/CVE-2017-6348)
===================================================================
--- retired/CVE-2017-6348	                        (rev 0)
+++ retired/CVE-2017-6348	2017-03-16 08:20:15 UTC (rev 5086)
@@ -0,0 +1,13 @@
+Description: irda: Fix lockdep annotations in hashbin_delete()
+References:
+Notes:
+ bwh> This actually changes locking, not just lockdep annotations.
+ bwh> So I think it fixes a potential deadlock.
+Bugs:
+upstream: released (4.10) [4c03b862b12f980456f9de92db6d508a4999b788]
+4.9-upstream-stable: released (4.9.13) [c2219da51664451149350e47321aa0fcf72a8b8f]
+3.16-upstream-stable: released (3.16.42) [irda-fix-lockdep-annotations-in-hashbin_delete.patch]
+3.2-upstream-stable: released (3.2.87) [irda-fix-lockdep-annotations-in-hashbin_delete.patch]
+sid: released (4.9.13-1)
+3.16-jessie-security: released (3.16.39-1+deb8u2) [bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch]
+3.2-wheezy-security: released (3.2.86-1) [bugfix/all/irda-fix-lockdep-annotations-in-hashbin_delete.patch]
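
Review bot: the Description repeats the upstream subject "Fix lockdep annotations", but the Notes in the same hunk say the change alters locking and fixes a potential deadlock. For a retired entry that people will search later, consider making the Description reflect the impact stated in the Notes (potential deadlock in hashbin_delete()), or at least keep the two consistent.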



