Author: benh
Date: 2016-12-16 16:35:55 +0000 (Fri, 16 Dec 2016)
New Revision: 47137
Modified:
data/CVE/list
Log:
Triage CVE-2016-8655
It's much less serious without unprivileged user namespaces enabled,
and that isn't even an option in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-16 14:44:14 UTC (rev 47136)
+++ data/CVE/list 2016-12-16 16:35:55 UTC (rev 47137)
@@ -11154,10 +11154,11 @@
NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel
through ...)
- linux <unfixed>
+ [wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2016/q4/607
NOTE: Introduced by:
https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
NOTE: Fixed by:
https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
- NOTE: Non-privileged user namespaces disabled by default, only
vulnerable with sysctl kernel.unprivileged_userns_clone=1
+ NOTE: Non-privileged user namespaces disabled by default, only
exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
RESERVED
{DLA-739-1}
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
