[kernel-sec-discuss] [Git][kernel-team/kernel-sec][master] 2 commits: Sync with sent advisory

Salvatore Bonaccorso gitlab at salsa.debian.org
Tue Jan 9 19:44:24 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian kernel team / kernel-sec


Commits:
e83e88c1 by Salvatore Bonaccorso at 2018-01-09T20:40:46+01:00
Sync with sent advisory

- - - - -
d7539af4 by Salvatore Bonaccorso at 2018-01-09T20:44:03+01:00
Fix retrospectively description of CVE-2017-17805

- - - - -


1 changed file:

- dsa-texts/3.16.51-3+deb8u1


Changes:

=====================================
dsa-texts/3.16.51-3+deb8u1
=====================================
--- a/dsa-texts/3.16.51-3+deb8u1
+++ b/dsa-texts/3.16.51-3+deb8u1
@@ -99,10 +99,10 @@ CVE-2017-17741
 
 CVE-2017-17805
 
-    Dmitry Vyukov reported that the KVM implementation for x86 would
-    over-read data from memory when emulating an MMIO write if the
-    kvm_mmio tracepoint was enabled.  A guest virtual machine might be
-    able to use this to cause a denial of service (crash).
+    It was discovered that some implementations of the Salsa20 block
+    cipher did not correctly handle zero-length input.  A local user
+    could use this to cause a denial of service (crash) or possibly
+    have other security impact.
 
 CVE-2017-17806
 
@@ -133,5 +133,5 @@ CVE-2017-1000410
     attacker able to communicate over Bluetooth could use this to
     obtain sensitive information from the kernel.
 
-For the oldstable distribution (jessie), these problem have been fixed in
-version 3.16.51-3+deb8u1.
+For the oldstable distribution (jessie), these problems have been fixed
+in version 3.16.51-3+deb8u1.



View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/compare/582bd036a8776b63cd0e81f699e72d750c935e5a...d7539af4ff0bf88312ed6436c215672ed1a67a13

---
View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/compare/582bd036a8776b63cd0e81f699e72d750c935e5a...d7539af4ff0bf88312ed6436c215672ed1a67a13
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/kernel-sec-discuss/attachments/20180109/e02a8010/attachment-0001.html>

More information about the kernel-sec-discuss mailing list