Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc9ba41f by Salvatore Bonaccorso at 2020-06-30T22:22:24+02:00
Add CVE-2020-11935/aufs

Technically if there would not be stretch the issue could be marked as unimportant. The issue is exploitable if the kernel has CONFIG_IMA enabled. CONFIG_IMA was enabled at some point including up to stretch but later on reverted. Both buster and (current) unstable src:linux do not have CONFIG_IMA enabled.

Still src:aufs should ideally be fixed, for buster enough in a point release. For stretch the situation is more complex, as many other (security relevant) aufs issues have never been fixed. It might be worth marking the version in stretch as end-of-life.

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -8435,6 +8435,15 @@ CVE-2020-11936 RESERVED CVE-2020-11935 RESERVED + - aufs <unfixed> + [buster] - aufs <no-dsa> (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release)) + [stretch] - aufs <ignored> (Minor issue; too many other aufs issues open) + NOTE: To exploit the issue CONFIG_IMA in Kernel needs to be enabled. + NOTE: linux/4.9.y had the config enabled, but was disabled in later versions + NOTE: including linux/4.19.y. + NOTE: https://sourceforge.net/p/aufs/mailman/message/37048642/ + NOTE: https://github.com/sfjro/aufs4-linux/commit/515a586eeef31e0717d5dea21e2c11a965340b3c + NOTE: https://github.com/sfjro/aufs4-linux/commit/f10aea57d39d6cd311312e9e7746804f7059b5c8 CVE-2020-11934 RESERVED CVE-2020-11933

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9ba41f0e260357ed5a2df5e3d99fc6db74005d
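
Review bot: the added [buster] line ends with a doubled closing parenthesis ("can be fixed via point release))"); drop the extra ")" so the annotation closes once. On the NOTE lines, the precondition is given per kernel branch (linux/4.9.y enabled, linux/4.19.y disabled) while the commit message reasons per suite (stretch, buster, unstable); naming the suite next to each branch in the NOTE would let a reader of data/CVE/list see why [stretch] and [buster] are triaged differently without going back to the commit message. The two aufs4-linux commit links are also listed without saying what each one is, so a short label on each NOTE would help.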