[Secure-testing-commits] r52719 - data/CVE

Mon Jun 19 21:10:17 UTC 2017

Author: sectracker
Date: 2017-06-19 21:10:17 +0000 (Mon, 19 Jun 2017)
New Revision: 52719

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-06-19 20:10:23 UTC (rev 52718)
+++ data/CVE/list	2017-06-19 21:10:17 UTC (rev 52719)
@@ -1,29 +1,55 @@
-CVE-2017-1000364
+CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before ...)
+	TODO: check
+CVE-2017-9762 (The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...)
+	TODO: check
+CVE-2017-9761 (The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote ...)
+	TODO: check
+CVE-2017-9760
+	RESERVED
+CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the ...)
+	TODO: check
+CVE-2017-9758
+	RESERVED
+CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via ...)
+	TODO: check
+CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack ...)
+	TODO: check
+CVE-2017-1000374 (A flaw exists in NetBSD's implementation of the stack guard page that ...)
+	TODO: check
+CVE-2017-1000373 (The OpenBSD qsort() function is recursive, and not randomized, an ...)
+	TODO: check
+CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard page that ...)
+	TODO: check
+CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on Linux, ...)
+	{DSA-3886-1}
 	- linux <unfixed>
 	[stretch] - linux 4.9.30-2+deb9u1
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000365
+CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...)
 	- linux <unfixed>
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000366
+CVE-2017-1000366 (glibc contains a vulnerability that allows specially crafted ...)
+	{DSA-3887-1 DLA-992-1}
 	- glibc <unfixed>
 	- eglibc <removed>
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000369
+CVE-2017-1000369 (Exim supports the use of multiple "-p" command line arguments which ...)
+	{DSA-3888-1}
 	- exim4 <unfixed>
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000370
+CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a ...)
 	- linux <unfixed>
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000371
+CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a ...)
 	- linux <unfixed>
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000376
+CVE-2017-1000376 (libffi requests an executable stack allowing attackers to more easily ...)
+	{DSA-3889-1}
 	- libffi 3.2.1-4
 	NOTE: https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d
 	NOTE: and additionally cf. #751907 for the configure flag.
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000377
+CVE-2017-1000377 (An issue was discovered in the size of the default stack guard page on ...)
 	NOT-FOR-US: GRSecurity/PAX Linux specific assignment
 CVE-2017-9756 (The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU ...)
 	- binutils <unfixed> (low)
@@ -140,8 +166,8 @@
 	RESERVED
 CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for ...)
 	NOT-FOR-US: Poky for Yocto Project
-CVE-2017-9730
-	RESERVED
+CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and ...)
+	TODO: check
 CVE-2017-9729 (In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...)
 	- uclibc <undetermined>
 	TODO: check and check uclibc-ng
@@ -418,12 +444,11 @@
 	NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
 	NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
 	NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
-CVE-2017-1000379
-	RESERVED
+CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map the ...)
 	- linux <unfixed>
 	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000378
-	RESERVED
+CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an ...)
+	TODO: check
 CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...)
 	- linux <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
@@ -1536,6 +1561,7 @@
 	[jessie] - picocom <no-dsa> (Minor issue)
 	NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
 CVE-2017-9241
@@ -2055,15 +2081,19 @@
 	[wheezy] - dropbear <not-affected> (Vulnerable code not present)
 	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
 CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
 CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
 CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
 CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
 CVE-2017-9073 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...)
@@ -2489,9 +2519,11 @@
 CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to ...)
 	NOT-FOR-US: Halliburton LogView Pro
 CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...)
+	{DSA-3886-1}
 	- linux 4.9.16-1 (low)
 	NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8
 CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the ...)
+	{DSA-3886-1}
 	- linux 4.9.16-1 (low)
 	NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
 CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...)
@@ -2601,6 +2633,7 @@
 CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...)
 	NOT-FOR-US: ASUS
 CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
 CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...)
@@ -4688,6 +4721,7 @@
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032
 CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x ...)
+	{DSA-3886-1}
 	- linux 4.9.25-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a
@@ -5112,6 +5146,7 @@
 CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
 	NOT-FOR-US: Trend Micro
 CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...)
+	{DSA-3886-1}
 	- linux 4.9.25-1
 	NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
 CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...)
@@ -6057,6 +6092,7 @@
 CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...)
 	NOT-FOR-US: SolarWinds
 CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel ...)
+	{DSA-3886-1}
 	- linux 4.9.25-1
 	NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e
 CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before ...)
@@ -6546,6 +6582,7 @@
 CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure ...)
 	NOT-FOR-US: authconfig in Red Hat
 CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
 CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...)
@@ -14781,14 +14818,14 @@
 	RESERVED
 CVE-2017-4988
 	RESERVED
-CVE-2017-4987
-	RESERVED
+CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
+	TODO: check
 CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could ...)
 	NOT-FOR-US: EMC
-CVE-2017-4985
-	RESERVED
-CVE-2017-4984
-	RESERVED
+CVE-2017-4985 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
+	TODO: check
+CVE-2017-4984 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
+	TODO: check
 CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before ...)
 	NOT-FOR-US: EMC Data Domain OS
 CVE-2017-4982 (EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and ...)
@@ -25403,6 +25440,7 @@
 CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0605 (An elevation of privilege vulnerability in the kernel trace subsystem ...)
+	{DSA-3886-1}
 	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/e09e28671cda63e6308b31798b997639120e2a21
 CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power ...)


