Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db35c425 by Salvatore Bonaccorso at 2021-06-19T08:26:44+02:00
Merge in already the linux updates for buster 10.10 (as d-i based on it)

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2477,6 +2477,7 @@ CVE-2018-25015 (An issue was discovered in the Linux 
kernel before 4.14.16. Ther
 CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after 
failed connect]
        RESERVED
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
 CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
        RESERVED
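Review bot: in the CVE-2021-3587 entry the added `[buster] - linux 4.19.194-1` line sits under `- linux <unfixed>`, so after this change the tracker shows buster as fixed while unstable is still open. The `<unfixed>` line needs a follow-up once a fixed version is uploaded to unstable. The same pattern appears further down for CVE-2021-3573, CVE-2021-3564, CVE-2020-26147, CVE-2020-26139, CVE-2020-24588, CVE-2020-24587 and CVE-2020-24586.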
@@ -2768,6 +2769,7 @@ CVE-2021-33796
 CVE-2021-3573
        RESERVED
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
 CVE-2021-33795
        RESERVED
@@ -3415,6 +3417,7 @@ CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 
allows Remote Command Execut
        NOT-FOR-US: EyesOfNetwork (EON) eonweb
 CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI 
device in ...)
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
 CVE-2021-33524
        RESERVED
@@ -4547,6 +4550,7 @@ CVE-2021-33035
        RESERVED
 CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c 
has a use ...)
        - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
 CVE-2021-33032
        RESERVED
@@ -5981,6 +5985,7 @@ CVE-2021-32400
        RESERVED
 CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 
has a r ...)
        - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2
 CVE-2021-32398
        RESERVED
@@ -7135,6 +7140,7 @@ CVE-2021-31917
        NOT-FOR-US: Infinispan
 CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in 
list_devices in  ...)
        - linux 5.10.28-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
 CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection 
leading to ...)
@@ -7424,6 +7430,7 @@ CVE-2021-3514 (When using a sync_repl client in 
389-ds-base, an authenticated at
        NOTE: https://github.com/389ds/389-ds-base/issues/4711
 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 
performs unde ...)
        - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
 CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 
1.13.1.0  ...)
@@ -8231,6 +8238,7 @@ CVE-2021-3507 (A heap buffer overflow was found in the 
floppy disk emulator of Q
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
 CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in 
fs/f2fs/node.c  ...)
        - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
        [stretch] - linux <ignored> (f2fs is not supportable)
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
        NOTE: 
https://lore.kernel.org/lkml/20210322114730.71103-1-yuch...@huawei.com/
@@ -11356,6 +11364,7 @@ CVE-2021-3484
        RESERVED
 CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This 
issue al ...)
        - linux 5.10.28-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
 CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. 
synic_get ...)
        - linux <not-affected> (Vulnerable code introduced later)
@@ -12722,6 +12731,7 @@ CVE-2021-29651 (Pomerium before 0.13.4 has an Open 
Redirect (issue 1 of 2). ...)
        NOT-FOR-US: Pomerium
 CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. 
The netfil ...)
        - linux 5.10.28-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1
 CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. 
The user m ...)
        - linux 5.10.28-1
@@ -12733,6 +12743,7 @@ CVE-2021-29648 (An issue was discovered in the Linux 
kernel before 5.11.11. The
        NOTE: 
https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
 CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. 
qrtr_recvm ...)
        - linux 5.10.28-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160
 CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. 
tipc_nl_re ...)
        - linux 5.10.28-1
@@ -13741,6 +13752,7 @@ CVE-2021-29265 (An issue was discovered in the Linux 
kernel before 5.11.7. usbip
        NOTE: 
https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22
 CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. 
drivers/n ...)
        - linux 5.10.28-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
 CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was 
possible ...)
        - intellij-idea <itp> (bug #747616)
@@ -13976,12 +13988,14 @@ CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows 
LDAP injection via the Web
        NOT-FOR-US: ForgeRock OpenAM
 CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. 
kernel/bpf ...)
        - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
        [stretch] - linux <not-affected> (Vulnerability introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4
        NOTE: Fixes need to be made complete for older series to not open 
CVE-2021-33200,
        NOTE: cf. 
https://lore.kernel.org/stable/215e98bf-21c7-0074-129d-49a515264...@iogearbox.net/
 CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have 
incorrect c ...)
        - linux 5.10.28-1
+       [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1
 CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper 
versions b ...)
        - jasper <removed>
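Review bot: the CVE-2021-29155 entry gains `[buster] - linux 4.19.194-1` directly above the existing NOTE that fixes "need to be made complete for older series to not open CVE-2021-33200", and nothing in this commit touches CVE-2021-33200. Before recording buster as fixed here, confirm that 4.19.194-1 carries the complete series that NOTE refers to, and make sure the CVE-2021-33200 entry reflects the resulting buster state.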
@@ -14405,13 +14419,16 @@ CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby 
before 2.6.7, 2.7.x before 2.
        NOTE: 
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
 CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel 
through 5. ...)
        - linux 5.10.26-1
+       [buster] - linux 4.19.194-1
        [stretch] - linux <ignored> (Driver is specific to IBM Power systems)
        NOTE: 
https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678
 CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in 
the Linux ...)
        - linux 5.10.26-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea
 CVE-2021-28964 (A race condition was discovered in get_old_root in 
fs/btrfs/ctree.c in ...)
        - linux 5.10.26-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
 CVE-2021-28962
        RESERVED
@@ -15068,6 +15085,7 @@ CVE-2021-28689 (x86: Speculative vulnerabilities with 
bare (non-shim) 32-bit PV
        NOTE: Unfixable design/architecture limitation, no fix planned
 CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such 
that subs ...)
        - linux 5.10.28-1
+       [buster] - linux 4.19.194-1
        NOTE: https://xenbits.xen.org/xsa/advisory-371.html
        NOTE: 
https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
 CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 
2.3.0.3 allow ...)
@@ -28228,10 +28246,12 @@ CVE-2021-23135 (Exposure of System Data to an 
Unauthorized Control Sphere vulner
        NOT-FOR-US: Argo CD
 CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux 
Kernel before ...)
        - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4
 CVE-2021-23133 (A race condition in Linux kernel SCTP sockets 
(net/sctp/socket.c) befo ...)
        - linux 5.10.38-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2
 CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. 
com_media all ...)
@@ -40760,6 +40780,7 @@ CVE-2020-29375 (An issue was discovered on V-SOL V1600D 
V2.03.69 and V2.03.57, V
        NOT-FOR-US: V-SOL devices
 CVE-2020-29374 (An issue was discovered in the Linux kernel before 5.7.3, 
related to m ...)
        - linux 5.7.6-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
 CVE-2020-29373 (An issue was discovered in fs/io_uring.c in the Linux kernel 
before 5. ...)
@@ -47994,6 +48015,7 @@ CVE-2021-0130
 CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated 
user to po ...)
        - bluez 5.55-3.1 (bug #989614)
        - linux 5.10.40-1
+       [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
        NOTE: 
https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
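Review bot: CVE-2021-0129 tracks two source packages, and the added `[buster] - linux 4.19.194-1` line covers only linux. bluez has just the unstable line `- bluez 5.55-3.1 (bug #989614)`, so the entry as a whole stays open for buster after this change. If that is intended, nothing needs to change; the same applies to CVE-2020-26558 in the next hunk.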
@@ -50825,6 +50847,7 @@ CVE-2020-26559 (Bluetooth Mesh Provisioning in the 
Bluetooth Mesh profile 1.0 an
 CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core 
Specification ...)
        - bluez 5.55-3.1 (bug #989614)
        - linux 5.10.40-1
+       [buster] - linux 4.19.194-1
        NOTE: https://kb.cert.org/vuls/id/799380
        NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918602
@@ -51793,6 +51816,7 @@ CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 
0.4.5 allows attackers to
        NOTE: 
https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
 CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, 
WPA, WPA2, ...)
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
        NOTE: https://www.fragattacks.com/
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/
@@ -51831,6 +51855,7 @@ CVE-2020-26140 (An issue was discovered in the ALFA 
Windows 10 driver 6.1316.120
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/
 CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access 
Point ( ...)
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
        NOTE: https://www.fragattacks.com/
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/
@@ -53000,17 +53025,17 @@ CVE-2020-25673 (A vulnerability was found in Linux 
kernel where non-blocking soc
 CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in 
llcp_sock_con ...)
        - linux 5.10.38-1
        [bullseye] - linux <postponed> (Minor issue, revisit once fixed 
upstream)
-       [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
+       [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25671 (A vulnerability was found in Linux Kernel, where a refcount 
leak in ll ...)
        - linux 5.10.38-1
        [bullseye] - linux <postponed> (Minor issue, revisit once fixed 
upstream)
-       [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
+       [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25670 (A vulnerability was found in Linux Kernel where refcount leak 
in llcp_ ...)
        - linux 5.10.38-1
        [bullseye] - linux <postponed> (Minor issue, revisit once fixed 
upstream)
-       [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
+       [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25669 (A vulnerability was found in the Linux Kernel where the 
function sunkb ...)
        {DLA-2494-1 DLA-2483-1}
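Review bot: the three `[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)` lines for CVE-2020-25672, CVE-2020-25671 and CVE-2020-25670 are left in place, although each entry already records `- linux 5.10.38-1` and buster now moves from `<postponed>` to 4.19.194-1. Check whether the bullseye lines are stale and can be dropped or updated in the same commit, so that bullseye does not remain the only suite still marked as postponed for these three.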
@@ -55581,6 +55606,7 @@ CVE-2020-24589 (The Management Console in WSO2 API 
Manager through 3.1.0 and API
        NOT-FOR-US: WSO2
 CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access 
(WPA, WPA2,  ...)
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
        NOTE: https://www.fragattacks.com/
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/
@@ -55588,6 +55614,7 @@ CVE-2020-24588 (The 802.11 standard that underpins 
Wi-Fi Protected Access (WPA,
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/
 CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access 
(WPA, WPA2,  ...)
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
        NOTE: https://www.fragattacks.com/
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/
@@ -55595,6 +55622,7 @@ CVE-2020-24587 (The 802.11 standard that underpins 
Wi-Fi Protected Access (WPA,
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
 CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access 
(WPA, WPA2,  ...)
        - linux <unfixed>
+       [buster] - linux 4.19.194-1
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
        NOTE: https://www.fragattacks.com/
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johan...@sipsolutions.net/


=====================================
data/next-point-update.txt
=====================================
@@ -144,68 +144,6 @@ CVE-2021-3541
        [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
 CVE-2021-33833
        [buster] - connman 1.36-2.1~deb10u2
-CVE-2020-24586
-       [buster] - linux 4.19.194-1
-CVE-2020-24587
-       [buster] - linux 4.19.194-1
-CVE-2020-24588
-       [buster] - linux 4.19.194-1
-CVE-2020-25670
-       [buster] - linux 4.19.194-1
-CVE-2020-25671
-       [buster] - linux 4.19.194-1
-CVE-2020-25672
-       [buster] - linux 4.19.194-1
-CVE-2020-26139
-       [buster] - linux 4.19.194-1
-CVE-2020-26147
-       [buster] - linux 4.19.194-1
-CVE-2020-26558
-       [buster] - linux 4.19.194-1
-CVE-2020-29374
-       [buster] - linux 4.19.194-1
-CVE-2021-0129
-       [buster] - linux 4.19.194-1
-CVE-2021-23133
-       [buster] - linux 4.19.194-1
-CVE-2021-23134
-       [buster] - linux 4.19.194-1
-CVE-2021-28688
-       [buster] - linux 4.19.194-1
-CVE-2021-28964
-       [buster] - linux 4.19.194-1
-CVE-2021-28971
-       [buster] - linux 4.19.194-1
-CVE-2021-28972
-       [buster] - linux 4.19.194-1
-CVE-2021-29154
-       [buster] - linux 4.19.194-1
-CVE-2021-29155
-       [buster] - linux 4.19.194-1
-CVE-2021-29264
-       [buster] - linux 4.19.194-1
-CVE-2021-29647
-       [buster] - linux 4.19.194-1
-CVE-2021-29650
-       [buster] - linux 4.19.194-1
-CVE-2021-31829
-       [buster] - linux 4.19.194-1
-CVE-2021-31916
-       [buster] - linux 4.19.194-1
-CVE-2021-32399
-       [buster] - linux 4.19.194-1
-CVE-2021-33034
-       [buster] - linux 4.19.194-1
-CVE-2021-3483
-       [buster] - linux 4.19.194-1
-CVE-2021-3506
-       [buster] - linux 4.19.194-1
-CVE-2021-3564
-       [buster] - linux 4.19.194-1
-CVE-2021-3573
-       [buster] - linux 4.19.194-1
-CVE-2021-3587
-       [buster] - linux 4.19.194-1
 CVE-2019-20446
        [buster] - librsvg 2.44.10-2.1+deb10u1
 CVE-2019-17134
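Review bot: removing the whole linux block here (CVE-2020-24586 through CVE-2021-3587, 31 entries) makes data/CVE/list the only record of the 4.19.194-1 fix, and it does so ahead of the buster 10.10 point release named in the commit message. The 31 removed entries do line up one-to-one with the 31 `[buster] - linux 4.19.194-1` lines added or substituted in data/CVE/list, so nothing is lost. It would help to state in the commit message or a comment that the early merge is deliberate, so a later run of the regular point-update merge does not look for these entries.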



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db35c42516df8840c94bdf9da7701d0fe496b09d
