[Secure-testing-commits] r42847 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Jun 28 09:10:15 UTC 2016


Author: sectracker
Date: 2016-06-28 09:10:15 +0000 (Tue, 28 Jun 2016)
New Revision: 42847

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-28 08:40:56 UTC (rev 42846)
+++ data/CVE/list	2016-06-28 09:10:15 UTC (rev 42847)
@@ -1756,11 +1756,11 @@
 	{DSA-3597-1 DLA-508-1}
 	- expat 2.1.1-3
 CVE-2016-5244 (The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.6.2-1
 	NOTE: https://patchwork.ozlabs.org/patch/629110/
 CVE-2016-5243 (The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.6.2-1
 	NOTE: https://patchwork.ozlabs.org/patch/629100/
 CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...)
@@ -2558,10 +2558,12 @@
 	RESERVED
 CVE-2016-4998 [out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt]
 	RESERVED
+	{DSA-3607-1}
 	- linux 4.6.2-2
 	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-4997 [Corrupted offset allows for arbitrary decrements in compat IPT_SO_SET_REPLACE setsockopt]
 	RESERVED
+	{DSA-3607-1}
 	- linux 4.6.2-2
 	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
 CVE-2016-4996
@@ -3268,7 +3270,7 @@
 CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...)
 	NOT-FOR-US: Citrix
 CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.4-1
 	NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
 CVE-2016-4912
@@ -3320,6 +3322,7 @@
 	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
 	NOTE: PHP bug: https://bugs.php.net/bug.php?id=69793
 CVE-2016-4805 (Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the ...)
+	{DSA-3607-1}
 	- linux 4.5.2-1
 	[wheezy] - linux 3.2.81-1
 	NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
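Review bot: CVE-2016-4805 records wheezy as fixed in `linux 3.2.81-1`, yet the entry gains only `{DSA-3607-1}` and has no DLA cross-reference, unlike the other kernel entries in this revision that carry `{DSA-3607-1 DLA-516-1}`. It is worth confirming whether the wheezy upload was announced in a DLA that should list this CVE; if the fix simply arrived with the upstream stable update, a short NOTE saying so would explain the asymmetry. The CVE-2015-7515 hunk at the end of this diff shows the same pattern.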
@@ -3770,7 +3773,7 @@
 CVE-2016-4582
 	RESERVED
 CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.5-1
 	NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
 CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW ...)
@@ -3798,6 +3801,7 @@
 CVE-2016-4573
 	RESERVED
 CVE-2016-4581 (fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse ...)
+	{DSA-3607-1}
 	- linux 4.5.4-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/5ec0811d30378ae104f250bfc9b3640242d81e3f (v4.6-rc7)
@@ -3816,13 +3820,13 @@
 	NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
 	NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
 CVE-2016-4578 (sound/core/timer.c in the Linux kernel through 4.6 does not initialize ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.5-1
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=e4ec8cc8039a7063e24204299b462bd1383184a5
 	NOTE: Both commits not yet in Linus tree
 CVE-2016-4569 (The snd_timer_user_params function in sound/core/timer.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.5-1
 	NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/tiwai/sound.git/commit/?h=for-next&id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e (not yet merged in Linus tree)
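Review bot: The NOTE lines under CVE-2016-4578 and CVE-2016-4569 are stale: they still point at the tiwai/sound.git `for-next` branch and say "Both commits not yet in Linus tree" and "not yet merged in Linus tree", while both entries are marked fixed in `linux 4.5.5-1` and now reference a DSA as well as a DLA. Branch URLs with `?h=for-next` can stop resolving once the branch is rebased or merged, so these should be replaced with mainline references in the `Fixed by: https://git.kernel.org/linus/<commit> (<tag>)` form the neighbouring kernel entries use, and the "not yet" remarks dropped.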
@@ -3863,7 +3867,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab (v4.6-rc6)
 	NOTE: Introduced by: https://git.kernel.org/linus/b0e0e1f83de31aa0428c38b692c590cc0ecd3f03 (v4.4-rc1)
 CVE-2016-4565 (The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.3-1
 	NOTE: Fixed by: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 (v4.6-rc6)
 CVE-2016-4551
@@ -4321,11 +4325,11 @@
 	[jessie] - openafs <no-dsa> (Minor issue, can be included in a future DSA or via jessie-pu)
 	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
 CVE-2016-4486 (The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.4-1
 	NOTE: https://git.kernel.org/linus/5f8e44741f9f216e33736ea4ec65ca9ac03036e6
 CVE-2016-4485 (The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.4-1
 	NOTE: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd
 CVE-2016-4484
@@ -4354,6 +4358,7 @@
 CVE-2016-4471
 	RESERVED
 CVE-2016-4470 (The key_reject_and_link function in security/keys/key.c in the Linux ...)
+	{DSA-3607-1}
 	- linux 4.6.2-2
 	NOTE: https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html
 CVE-2016-4469
@@ -4540,7 +4545,7 @@
 	[jessie] - dotclear <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/04/9
 CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.5-1
 	NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
@@ -5530,7 +5535,7 @@
 	NOTE: World readable files in /etc/quagga as well in Debian
 CVE-2016-3955 [remote buffer overflow in usbip]
 	RESERVED
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.2-1
 	NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
@@ -5877,7 +5882,7 @@
 CVE-2016-3962
 	RESERVED
 CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.2-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-174.html
 CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...)
@@ -5895,7 +5900,7 @@
 CVE-2016-3952
 	RESERVED
 CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1
 	NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
 	NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
@@ -6600,7 +6605,7 @@
 CVE-2016-3673
 	RESERVED
 CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1
 	NOTE: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
 	NOTE: Upstream fix: https://git.kernel.org/linus/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb (v4.6-rc1)
@@ -7781,7 +7786,7 @@
 	NOTE: on later versions).  Ie for the second hunk in xsa172.patch (the only
 	NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor.
 CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1
 	NOTE: http://xenbits.xen.org/xsa/advisory-171.html
 	NOTE: https://git.kernel.org/linus/b7a584598aea7ca73140cb87b40319944dd3393f
@@ -7825,6 +7830,7 @@
 CVE-2016-3143
 	RESERVED
 CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandles ...)
+	{DSA-3607-1}
 	- linux 4.5.1-1
 	[wheezy] - linux <not-affected> (Not a security issue since containers are not supported)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
@@ -8021,6 +8027,7 @@
 	- libreswan <itp> (bug #773459)
 CVE-2016-3070 [Null pointer dereference in trace_writeback_dirty_page()]
 	RESERVED
+	{DSA-3607-1}
 	- linux 4.4.2-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1306851
@@ -8091,7 +8098,7 @@
 	NOTE: https://github.com/proftpd/proftpd/commit/d9f9d469ce1da09c7935f509797d488fa2d08697
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/11/12
 CVE-2016-3140 (The digi_port_init function in drivers/usb/serial/digi_acceleport.c in ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1 (low)
 	NOTE: http://seclists.org/bugtraq/2016/Mar/61
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
@@ -8104,18 +8111,18 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377
 CVE-2016-3138 (The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1 (low)
 	NOTE: http://seclists.org/bugtraq/2016/Mar/54
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
 	NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
 CVE-2016-3137 (drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1 (low)
 	NOTE: http://seclists.org/bugtraq/2016/Mar/55
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
 CVE-2016-3136 (The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1 (low)
 	NOTE: http://seclists.org/bugtraq/2016/Mar/57
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
@@ -8578,7 +8585,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
 	NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
 CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1
 	[wheezy] - linux <no-dsa> (Minor issue)
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
@@ -11119,25 +11126,25 @@
 	NOTE: http://seclists.org/bugtraq/2016/Mar/87
 	NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2
 CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.2-1
 	NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017
 CVE-2016-2186 (The powermate_probe function in drivers/input/misc/powermate.c in the ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1 (low)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317015
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283384
 	NOTE: http://seclists.org/bugtraq/2016/Mar/85
 	NOTE: http://marc.info/?l=linux-usb&m=145796479528669&w=2
 CVE-2016-2185 (The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1 (low)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317014
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283362
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283363
 CVE-2016-2184 (The create_fixed_stream_quirk function in sound/usb/quirks.c in the ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.5.1-1 (low)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317012
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283355
@@ -11251,7 +11258,7 @@
 CVE-2016-2144
 	REJECTED
 CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.4.6-1
 	[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
 	NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
@@ -11314,6 +11321,7 @@
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2118.html
 	NOTE: http://badlock.org/
 CVE-2016-2117 (The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in ...)
+	{DSA-3607-1}
 	- linux 4.5.2-1
 	[wheezy] - linux <not-affected> (Issue introduced with v3.10-rc1)
 	NOTE: Introduced in https://git.kernel.org/linus/ec5f061564238892005257c83565a0b58ec79295 (v3.10-rc1)
@@ -13413,7 +13421,7 @@
 CVE-2016-1584
 	RESERVED
 CVE-2016-1583 (The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.6.2-1
 CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an ...)
 	- lxd <itp> (bug #768073)
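Review bot: CVE-2016-1583 now carries both `{DSA-3607-1 DLA-516-1}` but the entry consists only of `- linux 4.6.2-1`, with no NOTE pointing at the upstream fix or the report. Every other kernel entry touched in this revision has at least one reference, so anyone checking a backport against this entry has nothing to compare with. A `NOTE: Fixed by:` line with the mainline commit should be added.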
@@ -14731,6 +14739,7 @@
 	RESERVED
 CVE-2016-1237 [nfsd: any user can set a file's ACL over NFS  and grant access to it]
 	RESERVED
+	{DSA-3607-1}
 	- linux 4.6.2-2
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 (v3.14-rc1)
@@ -15998,7 +16007,7 @@
 CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before ...)
 	TODO: check
 CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...)
-	{DLA-516-1}
+	{DSA-3607-1 DLA-516-1}
 	- linux 4.3.1-1
 	NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1)
 CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 ...)
@@ -21568,6 +21577,7 @@
 	RESERVED
 	NOT-FOR-US: Onos
 CVE-2015-7515 (The aiptek_probe function in drivers/input/tablet/aiptek.c in the ...)
+	{DSA-3607-1}
 	- linux 4.4.2-1
 	[wheezy] - linux 3.2.81-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1285326



