[kernel-sec-discuss] r3661 - active
Ben Hutchings
benh at moszumanska.debian.org
Thu Jan 29 05:00:21 UTC 2015
Author: benh
Date: 2015-01-29 05:00:21 +0000 (Thu, 29 Jan 2015)
New Revision: 3661
Modified:
active/CVE-2013-7421
active/CVE-2014-7822
active/CVE-2014-8160
active/CVE-2014-9420
active/CVE-2014-9585
active/CVE-2014-9644
active/CVE-2015-0239
Log:
Update status of issues with fixes pending for {squeeze,wheezy}-security
Modified: active/CVE-2013-7421
===================================================================
--- active/CVE-2013-7421 2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2013-7421 2015-01-29 05:00:21 UTC (rev 3661)
@@ -7,7 +7,7 @@
upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.2-upstream-stable: needed
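Review bot: In the new 3.2-wheezy-security line the third patch is written as "+bugfix/all/crypto-add-missing-crypto-module-aliases.patch", with a leading "+" that the first two entries in the bracket list do not have. The unchanged sid line has the same spelling, so it looks copied from there. If the "+" is not a deliberate marker, drop it in both lines so the entry is a plain path like the others.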
Modified: active/CVE-2014-7822
===================================================================
--- active/CVE-2014-7822 2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-7822 2015-01-29 05:00:21 UTC (rev 3661)
@@ -9,7 +9,7 @@
upstream: released (v3.16-rc1) [8d0207652cbe27d1f962050737848e5ad4671958]
2.6.32-upstream-stable: needed
sid: released (3.16.2-1)
-3.2-wheezy-security: needed
-2.6.32-squeeze-security: needed
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/splice-apply-generic-position-and-size-checks-to-eac.patch]
+2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/splice-apply-generic-position-and-size-checks-to-eac.patch]
3.16-upstream-stable: N/A "fixed before 3.16"
3.2-upstream-stable: needed
Modified: active/CVE-2014-8160
===================================================================
--- active/CVE-2014-8160 2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-8160 2015-01-29 05:00:21 UTC (rev 3661)
@@ -6,7 +6,7 @@
upstream: released (3.18) [db29a9508a9246e77087c5531e45b2c88ec6988b]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt4-1) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch]
-3.16-upstream-stable:
-3.2-upstream-stable:
+3.16-upstream-stable: needed
+3.2-upstream-stable: needed
Modified: active/CVE-2014-9420
===================================================================
--- active/CVE-2014-9420 2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-9420 2015-01-29 05:00:21 UTC (rev 3661)
@@ -8,4 +8,4 @@
3.2-wheezy-security: released (3.2.65-1) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch]
3.16-upstream-stable: released (3.16.7-ckt4)
-3.2-upstream-stable:
+3.2-upstream-stable: needed
Modified: active/CVE-2014-9585
===================================================================
--- active/CVE-2014-9585 2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-9585 2015-01-29 05:00:21 UTC (rev 3661)
@@ -6,7 +6,7 @@
upstream: released (3.19-rc4) [394f56fe480140877304d342dec46d50dc823d46]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt4-1) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
2.6.32-squeeze-security: pending (2.6.32-48squeeze11) [bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch]
3.16-upstream-stable: pending (3.16.7-ckt5)
-3.2-upstream-stable:
+3.2-upstream-stable: needed
Modified: active/CVE-2014-9644
===================================================================
--- active/CVE-2014-9644 2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2014-9644 2015-01-29 05:00:21 UTC (rev 3661)
@@ -7,7 +7,7 @@
upstream: released (3.19-rc6) [5d26a105b5a73e5635eae0629b42fa0a90e07b7b, 4943ba16bbc2db05115707b3ff7b4874e9e3c560, 3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf]
2.6.32-upstream-stable: N/A "Introduced in 2.6.38"
sid: released (3.16.7-ckt4-2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
-3.2-wheezy-security:
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch, bugfix/all/crypto-include-crypto-module-prefix-in-template.patch, +bugfix/all/crypto-add-missing-crypto-module-aliases.patch]
2.6.32-squeeze-security: N/A "Introduced in 2.6.38"
3.16-upstream-stable: needed
-3.2-upstream-stable:
+3.2-upstream-stable: needed
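Review bot: The 3.2-wheezy-security and 3.2-upstream-stable changes here are identical to the ones made in active/CVE-2013-7421, including the upstream commit list and the "+"-prefixed third patch name, so the two files now have to be kept in step by hand. A cross-reference note in each file pointing at the other would make that explicit for whoever next updates the 3.16-upstream-stable or 3.2-upstream-stable status.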
Modified: active/CVE-2015-0239
===================================================================
--- active/CVE-2015-0239 2015-01-29 02:26:22 UTC (rev 3660)
+++ active/CVE-2015-0239 2015-01-29 05:00:21 UTC (rev 3661)
@@ -1,11 +1,16 @@
Description: KVM: x86: SYSENTER emulation is broken
References: https://git.kernel.org/linus/f3747379accba8e95d70cec0eae0582c8c182050
Notes:
+ bwh> This revealed another earlier fix, commit 1a18a69b7623 ("KVM: x86
+ bwh> emulator: reject SYSENTER in compatibility mode on AMD guests").
+ bwh> It wasn't marked for stable but the bug might be exploitable by
+ bwh> guest userland to crash the guest system. I've queued it up for
+ bwh> wheezy-security along with this.
Bugs:
upstream: released (3.19-rc6) [f3747379accba8e95d70cec0eae0582c8c182050]
2.6.32-upstream-stable: needed
sid: released (3.16.7-ckt4-2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
-3.2-wheezy-security: needed
+3.2-wheezy-security: pending (3.2.65-1+deb7u2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
3.16-upstream-stable: needed
3.2-upstream-stable: needed
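Review bot: The added bwh> note says commit 1a18a69b7623 has been queued for wheezy-security "along with this", but the new 3.2-wheezy-security line lists only bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch. Add the patch file for that earlier fix to the bracket list so the pending entry records both changes. Since the note says the commit was not marked for stable, it would also help to state whether sid, 3.16-upstream-stable and 3.2-upstream-stable already contain 1a18a69b7623.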