[Git][security-tracker-team/security-tracker][master] Merge in already the linux updates for buster 10.10 (as d-i based on it)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 19 07:27:11 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db35c425 by Salvatore Bonaccorso at 2021-06-19T08:26:44+02:00
Merge in already the linux updates for buster 10.10 (as d-i based on it)
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2477,6 +2477,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther
CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect]
RESERVED
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
RESERVED
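Review bot: for CVE-2021-3587 the unstable line stays `- linux <unfixed>` while buster is now closed as fixed in 4.19.194-1, so sid, and bullseye (which carries no `[bullseye]` override here and therefore inherits the unstable status), keep showing as vulnerable until the corresponding 5.10 fix is recorded; the same pattern recurs in this patch for CVE-2021-3573, CVE-2020-26147, CVE-2020-26139 and the CVE-2020-24586/24587/24588 FragAttacks entries. Worth a follow-up with the unstable fixed version once the 5.10.y upload carrying these fixes is known, or an explicit `[bullseye]` line if the 10.10 kernel is intentionally ahead of bullseye.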
@@ -2768,6 +2769,7 @@ CVE-2021-33796
CVE-2021-3573
RESERVED
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-33795
RESERVED
@@ -3415,6 +3417,7 @@ CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execut
NOT-FOR-US: EyesOfNetwork (EON) eonweb
CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
CVE-2021-33524
RESERVED
@@ -4547,6 +4550,7 @@ CVE-2021-33035
RESERVED
CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
- linux 5.10.38-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
CVE-2021-33032
RESERVED
@@ -5981,6 +5985,7 @@ CVE-2021-32400
RESERVED
CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...)
- linux 5.10.38-1
+ [buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2
CVE-2021-32398
RESERVED
@@ -7135,6 +7140,7 @@ CVE-2021-31917
NOT-FOR-US: Infinispan
CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...)
- linux 5.10.28-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...)
@@ -7424,6 +7430,7 @@ CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated at
NOTE: https://github.com/389ds/389-ds-base/issues/4711
CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
- linux 5.10.38-1
+ [buster] - linux 4.19.194-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...)
@@ -8231,6 +8238,7 @@ CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...)
- linux 5.10.38-1
+ [buster] - linux 4.19.194-1
[stretch] - linux <ignored> (f2fs is not supportable)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/
@@ -11356,6 +11364,7 @@ CVE-2021-3484
RESERVED
CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...)
- linux 5.10.28-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...)
- linux <not-affected> (Vulnerable code introduced later)
@@ -12722,6 +12731,7 @@ CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...)
NOT-FOR-US: Pomerium
CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...)
- linux 5.10.28-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1
CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...)
- linux 5.10.28-1
@@ -12733,6 +12743,7 @@ CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The
NOTE: https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...)
- linux 5.10.28-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160
CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...)
- linux 5.10.28-1
@@ -13741,6 +13752,7 @@ CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip
NOTE: https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22
CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...)
- linux 5.10.28-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible ...)
- intellij-idea <itp> (bug #747616)
@@ -13976,12 +13988,14 @@ CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Web
NOT-FOR-US: ForgeRock OpenAM
CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf ...)
- linux 5.10.38-1
+ [buster] - linux 4.19.194-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4
NOTE: Fixes need to be made complete for older series to not open CVE-2021-33200,
NOTE: cf. https://lore.kernel.org/stable/215e98bf-21c7-0074-129d-49a51526418b@iogearbox.net/
CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...)
- linux 5.10.28-1
+ [buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1
CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
- jasper <removed>
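Review bot: the NOTE on CVE-2021-29155 warns that "Fixes need to be made complete for older series to not open CVE-2021-33200" (with the linked iogearbox lore thread), yet buster is closed here as fixed in 4.19.194-1 without any remark on that point. Please confirm the 4.19.194 backport includes the complete fix for the older series, and either record that in a NOTE on this entry or make sure CVE-2021-33200 gets its own matching buster status, so a partial backport is not silently marked as a full fix.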
@@ -14405,13 +14419,16 @@ CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.
NOTE: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...)
- linux 5.10.26-1
+ [buster] - linux 4.19.194-1
[stretch] - linux <ignored> (Driver is specific to IBM Power systems)
NOTE: https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678
CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux ...)
- linux 5.10.26-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea
CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctree.c in ...)
- linux 5.10.26-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
CVE-2021-28962
RESERVED
@@ -15068,6 +15085,7 @@ CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV
NOTE: Unfixable design/architecture limitation, no fix planned
CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...)
- linux 5.10.28-1
+ [buster] - linux 4.19.194-1
NOTE: https://xenbits.xen.org/xsa/advisory-371.html
NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
@@ -28228,10 +28246,12 @@ CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere vulner
NOT-FOR-US: Argo CD
CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux Kernel before ...)
- linux 5.10.38-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4
CVE-2021-23133 (A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) befo ...)
- linux 5.10.38-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f
NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2
CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...)
@@ -40760,6 +40780,7 @@ CVE-2020-29375 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V
NOT-FOR-US: V-SOL devices
CVE-2020-29374 (An issue was discovered in the Linux kernel before 5.7.3, related to m ...)
- linux 5.7.6-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
CVE-2020-29373 (An issue was discovered in fs/io_uring.c in the Linux kernel before 5. ...)
@@ -47994,6 +48015,7 @@ CVE-2021-0130
CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user to po ...)
- bluez 5.55-3.1 (bug #989614)
- linux 5.10.40-1
+ [buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
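Review bot: CVE-2021-0129 lists two affected sources, bluez (5.55-3.1, bug #989614) and linux, but only the linux half receives a `[buster]` status; with no `[buster]` line for bluez the tracker will keep reporting buster as affected through bluez after the kernel fix lands. If that is the intended state (bluez fix for 10.10 still pending), an explicit `[buster] - bluez <postponed>` line with a reason, or the buster fixed version, would make it clear; the same applies to the CVE-2020-26558 hunk below, which has the identical bluez/linux pair and the same omission.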
@@ -50825,6 +50847,7 @@ CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 an
CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ...)
- bluez 5.55-3.1 (bug #989614)
- linux 5.10.40-1
+ [buster] - linux 4.19.194-1
NOTE: https://kb.cert.org/vuls/id/799380
NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918602
@@ -51793,6 +51816,7 @@ CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to
NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, ...)
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
@@ -51831,6 +51855,7 @@ CVE-2020-26140 (An issue was discovered in the ALFA Windows 10 driver 6.1316.120
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access Point ( ...)
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
@@ -53000,17 +53025,17 @@ CVE-2020-25673 (A vulnerability was found in Linux kernel where non-blocking soc
CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in llcp_sock_con ...)
- linux 5.10.38-1
[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
- [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
+ [buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25671 (A vulnerability was found in Linux Kernel, where a refcount leak in ll ...)
- linux 5.10.38-1
[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
- [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
+ [buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25670 (A vulnerability was found in Linux Kernel where refcount leak in llcp_ ...)
- linux 5.10.38-1
[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
- [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
+ [buster] - linux 4.19.194-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25669 (A vulnerability was found in the Linux Kernel where the function sunkb ...)
{DLA-2494-1 DLA-2483-1}
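Review bot: for CVE-2020-25672, CVE-2020-25671 and CVE-2020-25670 the `[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)` lines are kept while the unstable entry already records a fix in 5.10.38-1 and buster is now fixed in 4.19.194-1, so the "revisit once fixed upstream" rationale is stale. Suggest either dropping the bullseye override (letting bullseye follow the 5.10.38-1 status) or replacing it with the bullseye fixed version in the same commit, so that the older release is not shown as fixed while the newer one remains postponed.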
@@ -55581,6 +55606,7 @@ CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API
NOT-FOR-US: WSO2
CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
@@ -55588,6 +55614,7 @@ CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/
CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
@@ -55595,6 +55622,7 @@ CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA,
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
- linux <unfixed>
+ [buster] - linux 4.19.194-1
NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
NOTE: https://www.fragattacks.com/
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
=====================================
data/next-point-update.txt
=====================================
@@ -144,68 +144,6 @@ CVE-2021-3541
[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
CVE-2021-33833
[buster] - connman 1.36-2.1~deb10u2
-CVE-2020-24586
- [buster] - linux 4.19.194-1
-CVE-2020-24587
- [buster] - linux 4.19.194-1
-CVE-2020-24588
- [buster] - linux 4.19.194-1
-CVE-2020-25670
- [buster] - linux 4.19.194-1
-CVE-2020-25671
- [buster] - linux 4.19.194-1
-CVE-2020-25672
- [buster] - linux 4.19.194-1
-CVE-2020-26139
- [buster] - linux 4.19.194-1
-CVE-2020-26147
- [buster] - linux 4.19.194-1
-CVE-2020-26558
- [buster] - linux 4.19.194-1
-CVE-2020-29374
- [buster] - linux 4.19.194-1
-CVE-2021-0129
- [buster] - linux 4.19.194-1
-CVE-2021-23133
- [buster] - linux 4.19.194-1
-CVE-2021-23134
- [buster] - linux 4.19.194-1
-CVE-2021-28688
- [buster] - linux 4.19.194-1
-CVE-2021-28964
- [buster] - linux 4.19.194-1
-CVE-2021-28971
- [buster] - linux 4.19.194-1
-CVE-2021-28972
- [buster] - linux 4.19.194-1
-CVE-2021-29154
- [buster] - linux 4.19.194-1
-CVE-2021-29155
- [buster] - linux 4.19.194-1
-CVE-2021-29264
- [buster] - linux 4.19.194-1
-CVE-2021-29647
- [buster] - linux 4.19.194-1
-CVE-2021-29650
- [buster] - linux 4.19.194-1
-CVE-2021-31829
- [buster] - linux 4.19.194-1
-CVE-2021-31916
- [buster] - linux 4.19.194-1
-CVE-2021-32399
- [buster] - linux 4.19.194-1
-CVE-2021-33034
- [buster] - linux 4.19.194-1
-CVE-2021-3483
- [buster] - linux 4.19.194-1
-CVE-2021-3506
- [buster] - linux 4.19.194-1
-CVE-2021-3564
- [buster] - linux 4.19.194-1
-CVE-2021-3573
- [buster] - linux 4.19.194-1
-CVE-2021-3587
- [buster] - linux 4.19.194-1
CVE-2019-20446
[buster] - librsvg 2.44.10-2.1+deb10u1
CVE-2019-17134
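Review bot: the 31 entries dropped from data/next-point-update.txt (CVE-2020-24586 through CVE-2021-3587) correspond one-for-one to the 31 `[buster] - linux 4.19.194-1` lines added in data/CVE/list, and the `-68,+6` hunk header accounts for exactly the 62 removed lines (31 CVE/status pairs), so nothing is lost in the move; the neighbouring libxml2, connman and librsvg entries are untouched. Only remaining documentation point: since the commit message says this is merged before the 10.10 point release is out, a short NOTE on one of the entries (or in the commit body) stating that 4.19.194-1 is the pending buster kernel would help anyone reading the tracker in the interval.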
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db35c42516df8840c94bdf9da7701d0fe496b09d