[Secure-testing-commits] r48025 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 14 12:10:17 UTC 2017
Author: carnil
Date: 2017-01-14 12:10:16 +0000 (Sat, 14 Jan 2017)
New Revision: 48025
Modified:
data/CVE/list
Log:
Add (already prematurely) the linux fixes for the point release, since comprehensive list
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-14 10:46:19 UTC (rev 48024)
+++ data/CVE/list 2017-01-14 12:10:16 UTC (rev 48025)
@@ -10319,6 +10319,7 @@
RESERVED
CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the ...)
- linux 4.6.1-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/59643d1535eb220668692a5359de22545af579f6 (v4.7-rc1)
CVE-2016-9753
@@ -11502,12 +11503,14 @@
CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in ...)
{DLA-772-1}
- linux 4.7.2-1
+ [jessie] - linux 3.16.39-1
NOTE: https://patchwork.kernel.org/patch/8752621/
NOTE: Fixed by: https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1)
NOTE: http://seclists.org/oss-sec/2016/q4/576
CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux kernel ...)
{DLA-772-1}
- linux 4.8.15-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
CVE-2016-9775 [tomcat8: privilege escalation during package removal]
RESERVED
@@ -11546,6 +11549,7 @@
CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not ...)
{DLA-772-1}
- linux 4.8.15-1
+ [jessie] - linux 3.16.39-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468
NOTE: Fixed by: https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c
CVE-2016-9755 (The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 ...)
@@ -11979,10 +11983,12 @@
CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not ...)
{DLA-772-1}
- linux 4.8.15-2
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...)
{DLA-772-1}
- linux 4.8.15-1
+ [jessie] - linux 3.16.39-1
NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
NOTE: Fixed by: https://git.kernel.org/linux/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9)
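Review bot: in the CVE-2016-9576 entry, the "Fixed by" URL on the last context line uses git.kernel.org/linux/ where every other "Fixed by" reference in this patch uses git.kernel.org/linus/. Since this commit already touches the entry, correct the path there so it matches the others.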
@@ -12343,6 +12349,7 @@
NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9806 (Race condition in the netlink_dump function in ...)
- linux 4.6.3-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Introduced in 3.12)
NOTE: Fixed by: https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
CVE-2016-9636
@@ -12463,6 +12470,7 @@
CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux ...)
{DLA-772-1}
- linux 4.8.11-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of ...)
NOT-FOR-US: Exponent CMS
@@ -13736,6 +13744,7 @@
CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the ...)
{DLA-772-1}
- linux 4.7.5-1
+ [jessie] - linux 3.16.39-1
[jessie] - linux <no-dsa> (Minor issue)
NOTE: Fixed by: https://git.kernel.org/linus/1c109fabbd51863475cd12ac206bdd249aee35af (4.8-rc7)
NOTE: If this issue is fixed for older versions be careful to not open same issue as CVE-2016-9644
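Review bot: CVE-2016-9178 now carries two [jessie] lines for linux, the added "[jessie] - linux 3.16.39-1" and the existing "[jessie] - linux <no-dsa> (Minor issue)" directly below it. The two states contradict each other. Drop the <no-dsa> line in the same commit so the entry records only the fixed version.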
@@ -14140,11 +14149,13 @@
TODO: check: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patch looks different, needs investigation
CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 ...)
- linux 4.8.11-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://patchwork.kernel.org/patch/9373631/
NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9083 (drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows ...)
- linux 4.8.11-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://patchwork.kernel.org/patch/9373631/
NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
@@ -15230,6 +15241,7 @@
CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel through ...)
{DLA-772-1}
- linux 4.8.15-1
+ [jessie] - linux 3.16.39-1
NOTE: http://seclists.org/oss-sec/2016/q4/607
NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
@@ -15254,6 +15266,7 @@
NOT-FOR-US: OpenShift Enterprise
CVE-2016-8650 (The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through ...)
- linux 4.8.11-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: http://seclists.org/fulldisclosure/2016/Nov/76
NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477
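Review bot: the NOTE lines visible for CVE-2016-8650 reference only a "Proposed fix" on lkml, while the entry is now marked fixed in jessie at 3.16.39-1. If no "Fixed by:" line with the upstream commit follows below the context shown here, add one, as the other linux entries in this patch have, so the jessie version can be checked against a specific commit.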
@@ -15285,6 +15298,7 @@
CVE-2016-8645 (The TCP stack in the Linux kernel before 4.8.10 mishandles skb ...)
{DLA-772-1}
- linux 4.8.11-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6)
CVE-2016-8644
RESERVED
@@ -15344,6 +15358,7 @@
CVE-2016-8633 (drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain ...)
{DLA-772-1}
- linux 4.8.7-1
+ [jessie] - linux 3.16.39-1
NOTE: https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
NOTE: https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
CVE-2016-8632 (The tipc_msg_build function in net/tipc/msg.c in the Linux kernel ...)
@@ -15531,6 +15546,7 @@
NOTE: https://github.com/projectatomic/bubblewrap/issues/107
CVE-2016-8658 (Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in ...)
- linux 4.7.5-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later in 3.7)
NOTE: Fixed by: https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8)
CVE-2016-8606 [REPL server vulnerable to HTTP inter-protocol attacks]
@@ -16042,6 +16058,7 @@
RESERVED
{DLA-772-1}
- linux 4.8.15-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/0eab121ef8750a5c8637d51534d5e9143fb0633f
CVE-2016-8398
RESERVED
@@ -16099,14 +16116,17 @@
CVE-2015-8964 (The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the ...)
{DLA-772-1}
- linux 4.5.1-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/dd42bf1197144ede075a9d4793123f7689e164bc (v4.5-rc1)
CVE-2015-8963 (Race condition in kernel/events/core.c in the Linux kernel before 4.4 ...)
{DLA-772-1}
- linux 4.4.2-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/12ca6ad2e3a896256f086497a7c7406a547ee373 (v4.4)
CVE-2015-8962 (Double free vulnerability in the sg_common_write function in ...)
{DLA-772-1}
- linux 4.4.2-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/f3951a3709ff50990bf3e188c27d346792103432 (v4.4-rc1)
CVE-2015-8961 (The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux ...)
- linux 4.3.3-1
@@ -17962,6 +17982,7 @@
RESERVED
CVE-2016-7917 (The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the ...)
- linux 4.5.1-1 (low)
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c58d6c93680f28ac58984af61d0a7ebf4319c241
CVE-2016-7916 (Race condition in the environ_read function in fs/proc/base.c in the ...)
@@ -17972,6 +17993,7 @@
CVE-2016-7915 (The hid_input_field function in drivers/hid/hid-core.c in the Linux ...)
{DLA-772-1}
- linux 4.6.1-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=50220dead1650609206efe91f0cc116132d59b3f
CVE-2016-7914 (The assoc_array_insert_into_terminal_node function in ...)
- linux 4.5.3-1
@@ -17985,15 +18007,18 @@
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18
CVE-2016-7912 (Use-after-free vulnerability in the ffs_user_copy_worker function in ...)
- linux 4.5.3-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a
CVE-2016-7911 (Race condition in the get_task_ioprio function in block/ioprio.c in ...)
{DLA-772-1}
- linux 4.7.2-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4
CVE-2016-7910 (Use-after-free vulnerability in the disk_seqf_stop function in ...)
{DLA-772-1}
- linux 4.7.2-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84
CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick ...)
{DLA-698-1 DLA-689-1}
@@ -20124,6 +20149,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/951b6a0717db97ce420547222647bcc40bf1eacd (4.2-rc1)
CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...)
- linux 4.1.3-1
+ [jessie] - linux 3.16.39-1
NOTE: Fixed by: https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1)
CVE-2016-10057
RESERVED
@@ -20237,6 +20263,7 @@
CVE-2016-7097 (The filesystem implementation in the Linux kernel through 4.8.2 ...)
{DLA-772-1}
- linux 4.7.8-1
+ [jessie] - linux 3.16.39-1
NOTE: http://www.spinics.net/lists/linux-fsdevel/msg98328.html
NOTE: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1368938
@@ -25823,6 +25850,7 @@
RESERVED
CVE-2016-5412 (arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through ...)
- linux 4.7.2-1
+ [jessie] - linux 3.16.39-1
[wheezy] - linux <not-affected> (Transactional memory not supported)
NOTE: https://marc.info/?l=kvm&m=146968629127349&w=2
NOTE: https://git.kernel.org/linus/93d17397e4e2182fdaad503e2f9da46202c0f1c3 (v4.8-rc1)
@@ -66463,6 +66491,7 @@
CVE-2015-1350 (The VFS subsystem in the Linux kernel 3.x provides an incomplete set ...)
{DLA-772-1}
- linux 4.8.11-1 (bug #770492)
+ [jessie] - linux 3.16.39-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/030b533c4fd4d2ec3402363323de4bb2983c9cee
CVE-2014-XXXX [TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS]