[kernel-sec-discuss] r3661 - active

Ben Hutchings benh at moszumanska.debian.org
Thu Jan 29 05:00:21 UTC 2015 

Author: benh
Date: 2015-01-29 05:00:21 +0000 (Thu, 29 Jan 2015)
New Revision: 3661

Modified:
   active/CVE-2013-7421
   active/CVE-2014-7822
   active/CVE-2014-8160
   active/CVE-2014-9420
   active/CVE-2014-9585
   active/CVE-2014-9644
   active/CVE-2015-0239
Log:
Update status of issues with fixes pending for {squeeze,wheezy}-security

Modified: active/CVE-2013-7421
===================================================================
--- active/CVE-2013-7421	2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2013-7421	2015-01-29 05:00:21 UTC (rev 3661)
@@ -7,7 +7,7 @@
 upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
 2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
 sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
 2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
 3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.2-upstream-stable: needed

Modified: active/CVE-2014-7822
===================================================================
--- active/CVE-2014-7822	2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-7822	2015-01-29 05:00:21 UTC (rev 3661)
@@ -9,7 +9,7 @@
 upstream: released (v3.16-rc1) [8d0207652cbe27d1f962050737848e5ad4671958]
 2.6.32-upstream-stable: needed
 sid: released (3.16.2-1)
-3.2-wheezy-security: needed
-2.6.32-squeeze-security: needed
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/splice-apply-generic-position-and-size-checks-to-eac.patch]
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/splice-apply-generic-position-and-size-checks-to-eac.patch]
 3.16-upstream-stable: N/A "fixed before 3.16"
 3.2-upstream-stable: needed

Modified: active/CVE-2014-8160
===================================================================
--- active/CVE-2014-8160	2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-8160	2015-01-29 05:00:21 UTC (rev 3661)
@@ -6,7 +6,7 @@
 upstream: released (3.18) [db29a9508a9246e77087c5531e45b2c88ec6988b]
 2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
 2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed

Modified: active/CVE-2014-9420
===================================================================
--- active/CVE-2014-9420	2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-9420	2015-01-29 05:00:21 UTC (rev 3661)
@@ -8,4 +8,4 @@
 3.2-wheezy-security: released (3.2.65-1) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch]
 2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch]
 3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable:
+3.2-upstream-stable: needed

Modified: active/CVE-2014-9585
===================================================================
--- active/CVE-2014-9585	2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-9585	2015-01-29 05:00:21 UTC (rev 3661)
@@ -6,7 +6,7 @@
 upstream: released (3.19-rc4) [394f56fe480140877304d342dec46d50dc823d46]
 2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-1) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
 2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
 3.16-upstream-stable: pending (3.16.7-ckt5)
-3.2-upstream-stable:
+3.2-upstream-stable: needed

Modified: active/CVE-2014-9644
===================================================================
--- active/CVE-2014-9644	2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-9644	2015-01-29 05:00:21 UTC (rev 3661)
@@ -7,7 +7,7 @@
 upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
 2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
 sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
 2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
 3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.2-upstream-stable: needed

Modified: active/CVE-2015-0239
===================================================================
--- active/CVE-2015-0239	2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2015-0239	2015-01-29 05:00:21 UTC (rev 3661)
@@ -1,11 +1,16 @@
 Description: KVM: x86: SYSENTER emulation is broken
 References: https://git.kernel.org/linus/f3747379accba8e95d70cec0eae0582c8c182050
 Notes:
+ bwh> This revealed another earlier fix, commit 1a18a69b7623 ("KVM: x86
+ bwh> emulator: reject SYSENTER in compatibility mode on AMD guests").
+ bwh> It wasn't marked for stable but the bug might be exploitable by
+ bwh> guest userland to crash the guest system.  I've queued it up for
+ bwh> wheezy-security along with this.
 Bugs:
 upstream: released (3.19-rc6) [f3747379accba8e95d70cec0eae0582c8c182050]
 2.6.32-upstream-stable: needed
 sid: released (3.16.7-ckt4-2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
 2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed

More information about the kernel-sec-discuss mailing list