[kernel-sec-discuss] r5697 - active retired

Ben Hutchings benh at moszumanska.debian.org
Sun Nov 5 17:42:22 UTC 2017


Author: benh
Date: 2017-11-05 17:42:22 +0000 (Sun, 05 Nov 2017)
New Revision: 5697

Added:
   retired/CVE-2017-1000112
Removed:
   active/CVE-2017-1000112
Log:
Ignore CVE-2017-1000112 for 3.2, and retire it

Deleted: active/CVE-2017-1000112
===================================================================
--- active/CVE-2017-1000112	2017-11-05 17:33:39 UTC (rev 5696)
+++ active/CVE-2017-1000112	2017-11-05 17:42:22 UTC (rev 5697)
@@ -1,18 +0,0 @@
-Description: Exploitable memory corruption due to  UFO to non-UFO path switch
-References:
- http://www.openwall.com/lists/oss-security/2017/08/10/5
-Notes:
- carnil> Introduced in e89e9cf539a28df7d0eb1d0a545368e9920b34ac
- bwh> Exploitation is possible by unprivileged users after commit 40ba330227ad
- bwh> "udp: disallow UFO for sockets with SO_NO_CHECK option", or with
- bwh> CAP_NET_ADMIN (in any namespace).  This is low severity for 3.2 and also
- bwh> will be hard to fix there without revisiting CVE-2013-4470.
-Bugs:
-upstream: released (4.13-rc5) [85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa]
-4.9-upstream-stable: released (4.9.43) [33dc6a6a85f1d6ce71e7056d009b8a5fcbf10f70]
-3.16-upstream-stable: released (3.16.47) [08676246d893e3a42a541a2ef1291f2ea62c5b06]
-3.2-upstream-stable: needed
-sid: released (4.12.6-1) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
-4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
-3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
-3.2-wheezy-security: needed

Copied: retired/CVE-2017-1000112 (from rev 5696, active/CVE-2017-1000112)
===================================================================
--- retired/CVE-2017-1000112	                        (rev 0)
+++ retired/CVE-2017-1000112	2017-11-05 17:42:22 UTC (rev 5697)
@@ -0,0 +1,18 @@
+Description: Exploitable memory corruption due to  UFO to non-UFO path switch
+References:
+ http://www.openwall.com/lists/oss-security/2017/08/10/5
+Notes:
+ carnil> Introduced in e89e9cf539a28df7d0eb1d0a545368e9920b34ac
+ bwh> Exploitation is possible by unprivileged users after commit 40ba330227ad
+ bwh> "udp: disallow UFO for sockets with SO_NO_CHECK option", or with
+ bwh> CAP_NET_ADMIN (in any namespace).  This is low severity for 3.2 and also
+ bwh> will be hard to fix there without revisiting CVE-2013-4470.
+Bugs:
+upstream: released (4.13-rc5) [85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa]
+4.9-upstream-stable: released (4.9.43) [33dc6a6a85f1d6ce71e7056d009b8a5fcbf10f70]
+3.16-upstream-stable: released (3.16.47) [08676246d893e3a42a541a2ef1291f2ea62c5b06]
+3.2-upstream-stable: ignored "Low severity and difficult to backport"
+sid: released (4.12.6-1) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/udp-consistently-apply-ufo-or-fragmentation.patch]
+3.2-wheezy-security: ignored "Low severity and difficult to backport"
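
Review bot: the ignored reason on the 3.2-upstream-stable and 3.2-wheezy-security lines, "Low severity and difficult to backport", does not record why severity is low on 3.2. The Notes list two exploitation conditions (unprivileged users after commit 40ba330227ad, or CAP_NET_ADMIN in any namespace) but do not say which of them applies to 3.2, so a later reader of the retired file cannot re-check the decision. Suggest adding a bwh> line under Notes that states whether 3.2 contains 40ba330227ad and names CVE-2013-4470 as the backport blocker. The Description line also carries a double space in "due to  UFO" that could be fixed in the copy.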



