[kernel-sec-discuss] r5592 - dsa-texts

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Sep 21 18:32:35 UTC 2017 

Author: carnil
Date: 2017-09-21 18:32:34 +0000 (Thu, 21 Sep 2017)
New Revision: 5592

Modified:
   dsa-texts/4.9.30-2+deb9u5
Log:
Sync final text version used for DSA-3981-1

Modified: dsa-texts/4.9.30-2+deb9u5
===================================================================
--- dsa-texts/4.9.30-2+deb9u5	2017-09-20 20:39:37 UTC (rev 5591)
+++ dsa-texts/4.9.30-2+deb9u5	2017-09-21 18:32:34 UTC (rev 5592)
@@ -2,10 +2,10 @@
 CVE ID         : CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600
                  CVE-2017-12134 CVE-2017-12146 CVE-2017-12153 CVE-2017-12154
                  CVE-2017-14106 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340
-                 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111
-                 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252
-                 CVE-2017-1000370 CVE-2017-1000371 CVE-2017-1000380
-Debian Bug     : #866511 #875881
+                 CVE-2017-14489 CVE-2017-14497 CVE-2017-1000111 CVE-2017-1000112
+                 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000370 CVE-2017-1000371
+                 CVE-2017-1000380
+Debian Bug     : 866511 875881
 
 Several vulnerabilities have been discovered in the Linux kernel that
 may lead to privilege escalation, denial of service or information
@@ -30,7 +30,7 @@
     not properly handle certain concurrent operations on a single file
     descriptor.  This allows a local attacker to cause a denial of
     service or potentially execute arbitrary code.
-    
+
 CVE-2017-11600
 
     Bo Zhang reported that the xfrm subsystem does not properly
@@ -126,9 +126,8 @@
 CVE-2017-1000112
 
     Andrey Konovalov of Google reported a race condition flaw in the
-    UDP Fragmentation Offload (UFO) code. A local user with the
-    CAP_NET_ADMIN capability can use this flaw for denial of service
-    or possibly to execute arbitrary code.
+    UDP Fragmentation Offload (UFO) code. A local user can use this
+    flaw for denial of service or possibly to execute arbitrary code.
 
 CVE-2017-1000251 / #875881
 
@@ -166,8 +165,11 @@
 
 Debian disables unprivileged user namespaces by default, but if they
 are enabled (via the kernel.unprivileged_userns_clone sysctl) then
-CVE-2017-11600, CVE-2017-14497, CVE-2017-1000111, and CVE-2017-1000112
-can be exploited by any local user.
-    
-jessie: 3.16.43-2+deb8u5
-stretch: 4.9.30-2+deb9u5
+CVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited
+by any local user.
+
+For the oldstable distribution (jessie), these problems have been fixed
+in version 3.16.43-2+deb8u5.
+
+For the stable distribution (stretch), these problems have been fixed in
+version 4.9.30-2+deb9u5.

More information about the kernel-sec-discuss mailing list