Author: sectracker Date: 2017-06-20 09:10:14 +0000 (Tue, 20 Jun 2017) New Revision: 52729
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-20 08:46:52 UTC (rev 52728) +++ data/CVE/list 2017-06-20 09:10:14 UTC (rev 52729) @@ -25,7 +25,7 @@ CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard page that ...) NOT-FOR-US: OpenBSD CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on Linux, ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux <unfixed> [stretch] - linux 4.9.30-2+deb9u1 NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt @@ -1565,7 +1565,7 @@ [jessie] - picocom <no-dsa> (Minor issue) NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a CVE-2017-9241 
@@ -2085,19 +2085,19 @@ [wheezy] - dropbear <not-affected> (Vulnerable code not present) NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52 CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52 CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8 CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1 CVE-2017-9073 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...) @@ -2523,11 +2523,11 @@ CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to ...) NOT-FOR-US: Halliburton LogView Pro CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.16-1 (low) NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8 CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.16-1 (low) NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...) 
@@ -2637,7 +2637,7 @@ CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...) NOT-FOR-US: ASUS CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...) @@ -5150,7 +5150,7 @@ CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...) NOT-FOR-US: Trend Micro CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.25-1 NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309 CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...) @@ -6018,8 +6018,7 @@ RESERVED CVE-2017-7680 RESERVED -CVE-2017-7679 [mod_mime Buffer Overread] - RESERVED +CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...) - apache2 <unfixed> CVE-2017-7678 RESERVED @@ -6041,8 +6040,7 @@ RESERVED CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...) - hadoop <itp> (bug #793644) -CVE-2017-7668 [ap_find_token() Buffer Overread] - RESERVED +CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and ...) - apache2 <unfixed> CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the ...) NOT-FOR-US: Apache NiFi 
@@ -6098,7 +6096,7 @@ CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...) NOT-FOR-US: SolarWinds CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.25-1 NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before ...) @@ -6588,7 +6586,7 @@ CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure ...) NOT-FOR-US: authconfig in Red Hat CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80 CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...) @@ -17528,12 +17526,12 @@ RESERVED CVE-2017-3746 RESERVED -CVE-2017-3745 - RESERVED -CVE-2017-3744 - RESERVED -CVE-2017-3743 - RESERVED +CVE-2017-3745 (In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data ...) + TODO: check +CVE-2017-3744 (In the IMM2 firmware of Lenovo System x servers, remote commands ...) + TODO: check +CVE-2017-3743 (If multiple users are concurrently logged into a single system where ...) + TODO: check CVE-2017-3742 RESERVED CVE-2017-3741 (In the Lenovo Power Management driver before 1.67.12.24, a local user ...) 
@@ -19456,12 +19454,12 @@ RESERVED CVE-2017-3217 RESERVED -CVE-2017-3216 - RESERVED -CVE-2017-3215 - RESERVED -CVE-2017-3214 - RESERVED +CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom ...) + TODO: check +CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer tokens ...) + TODO: check +CVE-2017-3214 (The Milwaukee ONE-KEY Android mobile application stores the master ...) + TODO: check CVE-2017-3213 (The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify ...) NOT-FOR-US: Think Mutual Bank Mobile Banking app CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for ...) @@ -19553,13 +19551,11 @@ RESERVED CVE-2017-3170 RESERVED -CVE-2017-3169 [mod_ssl Null Pointer Dereference] - RESERVED +CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl ...) - apache2 <unfixed> CVE-2017-3168 RESERVED -CVE-2017-3167 [ap_get_basic_auth_pw authentication bypass] - RESERVED +CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...) - apache2 <unfixed> CVE-2017-3166 RESERVED @@ -25448,7 +25444,7 @@ CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0605 (An elevation of privilege vulnerability in the kernel trace subsystem ...) - {DSA-3886-1} + {DSA-3886-1 DLA-993-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/e09e28671cda63e6308b31798b997639120e2a21 CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
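Review bot: In the hunk at @@ -25,7 (CVE-2017-1000364), the unstable line is still `- linux <unfixed>` while `[stretch] - linux 4.9.30-2+deb9u1` and now both `{DSA-3886-1 DLA-993-1}` are recorded; confirm that the fix in unstable is actually pending rather than forgotten, since the same DSA/DLA pair is paired with a concrete version (`- linux 4.9.30-1`) in every other Stack Clash related kernel entry touched by this patch.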
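Review bot: The hunk at @@ -6018,8 (CVE-2017-7679) swaps the bracketed placeholder for the published description but leaves `- apache2 <unfixed>` with no `NOTE:` line pointing at the upstream fix, even though the description itself names the fixed upstream releases (2.2.33 and 2.4.26); suggest adding a `NOTE: Fixed by:` reference as the kernel entries in this patch do, and a `[jessie]`/`[wheezy]` status once triaged. The same applies to CVE-2017-7668 at @@ -6041,8 and to CVE-2017-3169 and CVE-2017-3167 at @@ -19553,13.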
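Review bot: The hunk at @@ -17528,12 replaces `RESERVED` with `TODO: check` for CVE-2017-3745, CVE-2017-3744 and CVE-2017-3743 without resolving them; the descriptions name Lenovo XClarity Administrator, IMM2 firmware and a per-system login issue, so each should be triaged to either a package line or a `NOT-FOR-US:` entry, and the `TODO: check` lines should not be left in the tracker as the automatic update's final state.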
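Review bot: The hunk at @@ -19456,12 likewise leaves CVE-2017-3216, CVE-2017-3215 and CVE-2017-3214 as `TODO: check`; CVE-2017-3213 in the same hunk shows the expected resolved form (`NOT-FOR-US: Think Mutual Bank Mobile Banking app`), so the MediaTek SDK (libmtk) WiMAX router entry and the two Milwaukee ONE-KEY Android app entries should be checked against the archive and resolved the same way if nothing in Debian ships that code.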