[kernel-sec-discuss] r5646 - active retired

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Oct 12 17:00:07 UTC 2017


Author: carnil
Date: 2017-10-12 17:00:07 +0000 (Thu, 12 Oct 2017)
New Revision: 5646

Added:
   retired/CVE-2017-1000251
   retired/CVE-2017-12153
   retired/CVE-2017-12154
   retired/CVE-2017-14156
   retired/CVE-2017-14340
   retired/CVE-2017-14489
Removed:
   active/CVE-2017-1000251
   active/CVE-2017-12153
   active/CVE-2017-12154
   active/CVE-2017-14156
   active/CVE-2017-14340
   active/CVE-2017-14489
Log:
Retire several CVEs

Deleted: active/CVE-2017-1000251
===================================================================
--- active/CVE-2017-1000251	2017-10-12 16:58:10 UTC (rev 5645)
+++ active/CVE-2017-1000251	2017-10-12 17:00:07 UTC (rev 5646)
@@ -1,17 +0,0 @@
-Description: stack buffer overflow flaw in Bluetooth subsystem
-References:
- https://access.redhat.com/security/vulnerabilities/blueborne
- https://www.armis.com/blueborne/
-Notes:
- carnil> Initially it was though affected versions are only
- carnil> 0e8b207e8a44/v3.3-rc1 but looks it might affect some
- carnil> more kernel starting on f2fcfcd67/v2.6.32-rc1.
-Bugs:
-upstream: released (4.14-rc1) [e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3]
-4.9-upstream-stable: released (4.9.50) [6300c8bfafe032187f3cbaa43dbf7d306650c5ed]
-3.16-upstream-stable: released (3.16.49) [8a7b081660857a80c3efc463b3da790c4fa0c801]
-3.2-upstream-stable: released (3.2.94) [26d624204b5243a0c928bad4bf62560bb63f385d]
-sid: released (4.12.13-1)
-4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
-3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
-3.2-wheezy-security: released (3.2.93-1) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]

Deleted: active/CVE-2017-12153
===================================================================
--- active/CVE-2017-12153	2017-10-12 16:58:10 UTC (rev 5645)
+++ active/CVE-2017-12153	2017-10-12 17:00:07 UTC (rev 5646)
@@ -1,16 +0,0 @@
-Description: null pointer dereference in nl80211_set_rekey_data()
-References:
- https://marc.info/?t=150525503100001&r=1&w=2
- https://marc.info/?l=linux-wireless&m=150525493517953&w=2
-Notes:
- bwh> Said to be introduced in 3.1 by commit e5497d766ad ("cfg80211/nl80211:
- bwh> support GTK rekey offload").
-Bugs:
-upstream: released (4.14-rc2) [e785fa0a164aa11001cba931367c7f94ffaff888]
-4.9-upstream-stable: released (4.9.53) [c820441a7a52e3626aede8df94069a50a9e4efdb]
-3.16-upstream-stable: released (3.16.49) [ed2305f2eba403d41dc4213746f60d47273980f6]
-3.2-upstream-stable: released (3.2.94) [082d8a6a55d2b6583d9e93ac9796efdf4c412658]
-sid: released (4.12.13-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
-4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
-3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
-3.2-wheezy-security: released (3.2.93-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]

Deleted: active/CVE-2017-12154
===================================================================
--- active/CVE-2017-12154	2017-10-12 16:58:10 UTC (rev 5645)
+++ active/CVE-2017-12154	2017-10-12 17:00:07 UTC (rev 5646)
@@ -1,16 +0,0 @@
-Description: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
-References:
- https://www.spinics.net/lists/kvm/msg155414.html
-Notes:
- bwh> Appears to have been introduced in 3.1 by commit fe3ef05c7572
- bwh> "KVM: nVMX: Prepare vmcs02 from vmcs01 and vmcs12".
-Bugs:
- https://bugzilla.redhat.com/show_bug.cgi?id=1491224
-upstream: released (4.14-rc1) [51aa68e7d57e3217192d88ce90fd5b8ef29ec94f]
-4.9-upstream-stable: released (4.9.53) [86ef97b2dfd504fbc65f6b244a422db0c1b15797]
-3.16-upstream-stable: released (3.16.49) [423a7a81efb8da25dbbcfe7a33bd8bfdce34150b]
-3.2-upstream-stable: released (3.2.94) [7999f7fc5b2ca4c0b2a96b7fb3dfa4e30274da27]
-sid: released (4.12.13-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
-4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
-3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
-3.2-wheezy-security: released (3.2.93-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]

Deleted: active/CVE-2017-14156
===================================================================
--- active/CVE-2017-14156	2017-10-12 16:58:10 UTC (rev 5645)
+++ active/CVE-2017-14156	2017-10-12 17:00:07 UTC (rev 5646)
@@ -1,15 +0,0 @@
-Description: atyfb_ioctl stack memory leak
-References:
- https://github.com/torvalds/linux/pull/441
- https://marc.info/?l=linux-kernel&m=150401461613306&w=2
- https://marc.info/?l=linux-kernel&m=150453196710422&w=2
-Notes:
-Bugs:
-upstream: released (4.14-rc1) [8e75f7a7a00461ef6d91797a60b606367f6e344d]
-4.9-upstream-stable: released (4.9.53) [64afde6f956dfcb719e329a9d2098b53e68d2755]
-3.16-upstream-stable: released (3.16.49) [093d5ecdeb49c6ad4ea4c1fb39c481e9bcfc1871]
-3.2-upstream-stable: released (3.2.94) [71b8eab658c3569c1b3fe3d4df3334bb3fe85903]
-sid: released (4.12.13-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
-4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
-3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
-3.2-wheezy-security: released (3.2.93-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]

Deleted: active/CVE-2017-14340
===================================================================
--- active/CVE-2017-14340	2017-10-12 16:58:10 UTC (rev 5645)
+++ active/CVE-2017-14340	2017-10-12 17:00:07 UTC (rev 5646)
@@ -1,15 +0,0 @@
-Description: xfs: unprivileged user kernel oops
-References:
- http://www.openwall.com/lists/oss-security/2017/09/13/1
-Notes:
- bwh> Said to be introduced in 2.6.15 by commit f538d4da8d52 "[XFS] write
- bwh> barrier support".
-Bugs:
-upstream: released (4.14-rc1) [b31ff3cdf540110da4572e3e29bd172087af65cc]
-4.9-upstream-stable: released (4.9.50) [5b82e0e938af5d9dfb038e2483cb2a84e24584fd]
-3.16-upstream-stable: released (3.16.49) [1e48f7b93c3a8f1d7bb136ab7fa61e763893a6fd]
-3.2-upstream-stable: released (3.2.94) [90b59e69283444326907eb6c6b447366814d0960]
-sid: released (4.12.13-1)
-4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch]
-3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
-3.2-wheezy-security: released (3.2.93-1) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]

Deleted: active/CVE-2017-14489
===================================================================
--- active/CVE-2017-14489	2017-10-12 16:58:10 UTC (rev 5645)
+++ active/CVE-2017-14489	2017-10-12 17:00:07 UTC (rev 5646)
@@ -1,24 +0,0 @@
-Description: scsi: nlmsg not properly parsed in iscsi_if_rx function
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1490421
- https://patchwork.kernel.org/patch/9923803/
-Notes:
- bwh> Appears to have been introduced in 2.6.15 by commit 0896b7523026
- bwh> "[SCSI] open-iscsi/linux-iscsi-5 Initiator: Transport class update for
- bwh> iSCSI".
- carnil> 7f564528a480084e2318cd48caba7aef4a54a77f is presumably the upstream
- carnil> fix already fixing the issue, cf.
- carnil> http://www.openwall.com/lists/oss-security/2017/09/25/3 but
- carnil> "nevertheless, the buffer overwrite is still there, so a suggested
- carnil> patch 9923803 (or its later version) is still needed."
- carnil> Fix is pending for 4.14/scsi-fixes in:
- carnil> https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.14/scsi-fixes&id=c88f0e6b06f4092995688211a631bb436125d77b
-Bugs:
-upstream: released (4.14-rc3) [c88f0e6b06f4092995688211a631bb436125d77b]
-4.9-upstream-stable: released (4.9.53) [b42bf0f15cf70926f3a460e7517703fda6191ba7]
-3.16-upstream-stable: released (3.16.49) [a1b438ad8590add8f6b0b679171bf5e0d45e2da1]
-3.2-upstream-stable: released (3.2.94) [7d38a8202c4a6acf91d6163f53f3253a261bbd22]
-sid: released (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
-4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
-3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
-3.2-wheezy-security: released (3.2.93-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]

Copied: retired/CVE-2017-1000251 (from rev 5645, active/CVE-2017-1000251)
===================================================================
--- retired/CVE-2017-1000251	                        (rev 0)
+++ retired/CVE-2017-1000251	2017-10-12 17:00:07 UTC (rev 5646)
@@ -0,0 +1,17 @@
+Description: stack buffer overflow flaw in Bluetooth subsystem
+References:
+ https://access.redhat.com/security/vulnerabilities/blueborne
+ https://www.armis.com/blueborne/
+Notes:
+ carnil> Initially it was though affected versions are only
+ carnil> 0e8b207e8a44/v3.3-rc1 but looks it might affect some
+ carnil> more kernel starting on f2fcfcd67/v2.6.32-rc1.
+Bugs:
+upstream: released (4.14-rc1) [e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3]
+4.9-upstream-stable: released (4.9.50) [6300c8bfafe032187f3cbaa43dbf7d306650c5ed]
+3.16-upstream-stable: released (3.16.49) [8a7b081660857a80c3efc463b3da790c4fa0c801]
+3.2-upstream-stable: released (3.2.94) [26d624204b5243a0c928bad4bf62560bb63f385d]
+sid: released (4.12.13-1)
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/bluetooth-properly-check-l2cap-config-option-output-.patch]
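
Review bot: the Notes block of retired/CVE-2017-1000251 still leaves the affected range as an open question ("looks it might affect some more kernel starting on f2fcfcd67/v2.6.32-rc1"), and it goes into retired/ in that state. The 3.2 lines are marked released, which predates v3.3-rc1, so the earlier starting point was evidently acted on; the note should say so outright and name the introducing commit. The typo "it was though" (for "thought") could be fixed in the same edit.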

Copied: retired/CVE-2017-12153 (from rev 5645, active/CVE-2017-12153)
===================================================================
--- retired/CVE-2017-12153	                        (rev 0)
+++ retired/CVE-2017-12153	2017-10-12 17:00:07 UTC (rev 5646)
@@ -0,0 +1,16 @@
+Description: null pointer dereference in nl80211_set_rekey_data()
+References:
+ https://marc.info/?t=150525503100001&r=1&w=2
+ https://marc.info/?l=linux-wireless&m=150525493517953&w=2
+Notes:
+ bwh> Said to be introduced in 3.1 by commit e5497d766ad ("cfg80211/nl80211:
+ bwh> support GTK rekey offload").
+Bugs:
+upstream: released (4.14-rc2) [e785fa0a164aa11001cba931367c7f94ffaff888]
+4.9-upstream-stable: released (4.9.53) [c820441a7a52e3626aede8df94069a50a9e4efdb]
+3.16-upstream-stable: released (3.16.49) [ed2305f2eba403d41dc4213746f60d47273980f6]
+3.2-upstream-stable: released (3.2.94) [082d8a6a55d2b6583d9e93ac9796efdf4c412658]
+sid: released (4.12.13-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch]

Copied: retired/CVE-2017-12154 (from rev 5645, active/CVE-2017-12154)
===================================================================
--- retired/CVE-2017-12154	                        (rev 0)
+++ retired/CVE-2017-12154	2017-10-12 17:00:07 UTC (rev 5646)
@@ -0,0 +1,16 @@
+Description: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
+References:
+ https://www.spinics.net/lists/kvm/msg155414.html
+Notes:
+ bwh> Appears to have been introduced in 3.1 by commit fe3ef05c7572
+ bwh> "KVM: nVMX: Prepare vmcs02 from vmcs01 and vmcs12".
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1491224
+upstream: released (4.14-rc1) [51aa68e7d57e3217192d88ce90fd5b8ef29ec94f]
+4.9-upstream-stable: released (4.9.53) [86ef97b2dfd504fbc65f6b244a422db0c1b15797]
+3.16-upstream-stable: released (3.16.49) [423a7a81efb8da25dbbcfe7a33bd8bfdce34150b]
+3.2-upstream-stable: released (3.2.94) [7999f7fc5b2ca4c0b2a96b7fb3dfa4e30274da27]
+sid: released (4.12.13-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch]

Copied: retired/CVE-2017-14156 (from rev 5645, active/CVE-2017-14156)
===================================================================
--- retired/CVE-2017-14156	                        (rev 0)
+++ retired/CVE-2017-14156	2017-10-12 17:00:07 UTC (rev 5646)
@@ -0,0 +1,15 @@
+Description: atyfb_ioctl stack memory leak
+References:
+ https://github.com/torvalds/linux/pull/441
+ https://marc.info/?l=linux-kernel&m=150401461613306&w=2
+ https://marc.info/?l=linux-kernel&m=150453196710422&w=2
+Notes:
+Bugs:
+upstream: released (4.14-rc1) [8e75f7a7a00461ef6d91797a60b606367f6e344d]
+4.9-upstream-stable: released (4.9.53) [64afde6f956dfcb719e329a9d2098b53e68d2755]
+3.16-upstream-stable: released (3.16.49) [093d5ecdeb49c6ad4ea4c1fb39c481e9bcfc1871]
+3.2-upstream-stable: released (3.2.94) [71b8eab658c3569c1b3fe3d4df3334bb3fe85903]
+sid: released (4.12.13-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch]
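
Review bot: the Notes: field of retired/CVE-2017-14156 is empty, so the retired record does not say when the atyfb_ioctl leak was introduced, unlike the entries for CVE-2017-12153, CVE-2017-12154, CVE-2017-14340 and CVE-2017-14489 in this same revision. A one-line note with the introducing commit or version, or a statement that it was not determined, would make the released status of the 3.2 and 3.16 branches verifiable later.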

Copied: retired/CVE-2017-14340 (from rev 5645, active/CVE-2017-14340)
===================================================================
--- retired/CVE-2017-14340	                        (rev 0)
+++ retired/CVE-2017-14340	2017-10-12 17:00:07 UTC (rev 5646)
@@ -0,0 +1,15 @@
+Description: xfs: unprivileged user kernel oops
+References:
+ http://www.openwall.com/lists/oss-security/2017/09/13/1
+Notes:
+ bwh> Said to be introduced in 2.6.15 by commit f538d4da8d52 "[XFS] write
+ bwh> barrier support".
+Bugs:
+upstream: released (4.14-rc1) [b31ff3cdf540110da4572e3e29bd172087af65cc]
+4.9-upstream-stable: released (4.9.50) [5b82e0e938af5d9dfb038e2483cb2a84e24584fd]
+3.16-upstream-stable: released (3.16.49) [1e48f7b93c3a8f1d7bb136ab7fa61e763893a6fd]
+3.2-upstream-stable: released (3.2.94) [90b59e69283444326907eb6c6b447366814d0960]
+sid: released (4.12.13-1)
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch]
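
Review bot: the patch name on the 4.9-stretch-security line is spelled xfs-XFS_IS_REALTIME_INODE-should-be-false-if-no-rt-d.patch, while the jessie and wheezy lines use the lower-case xfs-xfs_is_realtime_inode-should-be-false-if-no-rt-d.patch. If the file in the stretch branch really carries the upper-case name this is fine as recorded; otherwise it should be normalised so that a case-sensitive search for the patch matches all three branches.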

Copied: retired/CVE-2017-14489 (from rev 5645, active/CVE-2017-14489)
===================================================================
--- retired/CVE-2017-14489	                        (rev 0)
+++ retired/CVE-2017-14489	2017-10-12 17:00:07 UTC (rev 5646)
@@ -0,0 +1,24 @@
+Description: scsi: nlmsg not properly parsed in iscsi_if_rx function
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1490421
+ https://patchwork.kernel.org/patch/9923803/
+Notes:
+ bwh> Appears to have been introduced in 2.6.15 by commit 0896b7523026
+ bwh> "[SCSI] open-iscsi/linux-iscsi-5 Initiator: Transport class update for
+ bwh> iSCSI".
+ carnil> 7f564528a480084e2318cd48caba7aef4a54a77f is presumably the upstream
+ carnil> fix already fixing the issue, cf.
+ carnil> http://www.openwall.com/lists/oss-security/2017/09/25/3 but
+ carnil> "nevertheless, the buffer overwrite is still there, so a suggested
+ carnil> patch 9923803 (or its later version) is still needed."
+ carnil> Fix is pending for 4.14/scsi-fixes in:
+ carnil> https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.14/scsi-fixes&id=c88f0e6b06f4092995688211a631bb436125d77b
+Bugs:
+upstream: released (4.14-rc3) [c88f0e6b06f4092995688211a631bb436125d77b]
+4.9-upstream-stable: released (4.9.53) [b42bf0f15cf70926f3a460e7517703fda6191ba7]
+3.16-upstream-stable: released (3.16.49) [a1b438ad8590add8f6b0b679171bf5e0d45e2da1]
+3.2-upstream-stable: released (3.2.94) [7d38a8202c4a6acf91d6163f53f3253a261bbd22]
+sid: released (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
+4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
+3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
+3.2-wheezy-security: released (3.2.93-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
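
Review bot: the last carnil note in retired/CVE-2017-14489 still reads "Fix is pending for 4.14/scsi-fixes", but the upstream line directly below records c88f0e6b06f4092995688211a631bb436125d77b as released in 4.14-rc3, so the note is stale at the point of retirement. Suggest rewording it to say the fix landed in 4.14-rc3. The notes also name 7f564528a480084e2318cd48caba7aef4a54a77f as the presumed fix, so it would help to state which of the two commits the stable and Debian status lines refer to.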



