Author: sectracker
Date: 2017-06-19 21:10:17 +0000 (Mon, 19 Jun 2017)
New Revision: 52719
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-19 20:10:23 UTC (rev 52718)
+++ data/CVE/list 2017-06-19 21:10:17 UTC (rev 52719)
@@ -1,29 +1,55 @@
-CVE-2017-1000364
+CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB
before ...)
+ TODO: check
+CVE-2017-9762 (The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0
allows ...)
+ TODO: check
+CVE-2017-9761 (The find_eoq function in libr/core/cmd.c in radare2 1.5.0
allows remote ...)
+ TODO: check
+CVE-2017-9760
+ RESERVED
+CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via
the ...)
+ TODO: check
+CVE-2017-9758
+ RESERVED
+CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in
ids.cgi via ...)
+ TODO: check
+CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below
the stack ...)
+ TODO: check
+CVE-2017-1000374 (A flaw exists in NetBSD's implementation of the stack guard
page that ...)
+ TODO: check
+CVE-2017-1000373 (The OpenBSD qsort() function is recursive, and not
randomized, an ...)
+ TODO: check
+CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard
page that ...)
+ TODO: check
+CVE-2017-1000364 (An issue was discovered in the size of the stack guard page
on Linux, ...)
+ {DSA-3886-1}
- linux <unfixed>
[stretch] - linux 4.9.30-2+deb9u1
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000365
+CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments
and ...)
- linux <unfixed>
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000366
+CVE-2017-1000366 (glibc contains a vulnerability that allows specially crafted
...)
+ {DSA-3887-1 DLA-992-1}
- glibc <unfixed>
- eglibc <removed>
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000369
+CVE-2017-1000369 (Exim supports the use of multiple "-p" command
line arguments which ...)
+ {DSA-3888-1}
- exim4 <unfixed>
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000370
+CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a
...)
- linux <unfixed>
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000371
+CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a
...)
- linux <unfixed>
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000376
+CVE-2017-1000376 (libffi requests an executable stack allowing attackers to
more easily ...)
+ {DSA-3889-1}
- libffi 3.2.1-4
NOTE:
https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d
NOTE: and additionally cf. #751907 for the configure flag.
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000377
+CVE-2017-1000377 (An issue was discovered in the size of the default stack
guard page on ...)
NOT-FOR-US: GRSecurity/PAX Linux specific assignment
CVE-2017-9756 (The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c
in GNU ...)
- binutils <unfixed> (low)
@@ -140,8 +166,8 @@
RESERVED
CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0
for ...)
NOT-FOR-US: Poky for Yocto Project
-CVE-2017-9730
- RESERVED
+CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version
6.0 and ...)
+ TODO: check
CVE-2017-9729 (In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled
recursion) ...)
- uclibc <undetermined>
TODO: check and check uclibc-ng
@@ -418,12 +444,11 @@
NOTE: Fixed by (kmail):
https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
NOTE: Fixed by (messagelib):
https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
-CVE-2017-1000379
- RESERVED
+CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map
the ...)
- linux <unfixed>
NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
-CVE-2017-1000378
- RESERVED
+CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not
randomized, an ...)
+ TODO: check
CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...)
- linux <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
@@ -1536,6 +1561,7 @@
[jessie] - picocom <no-dsa> (Minor issue)
NOTE:
https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the
Linux ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE:
https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
CVE-2017-9241
@@ -2055,15 +2081,19 @@
[wheezy] - dropbear <not-affected> (Vulnerable code not present)
NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the
Linux ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE: Fixed by:
https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in
the Linux ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE: Fixed by:
https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the
Linux ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE: Fixed by:
https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel
through ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE: Fixed by:
https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
CVE-2017-9073 (A buffer overflow in Smart Card authentication code in
gpkcsp.dll in ...)
@@ -2489,9 +2519,11 @@
CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows
attackers to ...)
NOT-FOR-US: Halliburton LogView Pro
CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in
the Linux ...)
+ {DSA-3886-1}
- linux 4.9.16-1 (low)
NOTE: Fixed by:
https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8
CVE-2017-8924 (The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the ...)
+ {DSA-3886-1}
- linux 4.9.16-1 (low)
NOTE: Fixed by:
https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP
through ...)
@@ -2601,6 +2633,7 @@
CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through
3.0.0.4.380.7378 ...)
NOT-FOR-US: ASUS
CVE-2017-8890 (The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE: Fixed by:
https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group]
parameter to ...)
@@ -4688,6 +4721,7 @@
- linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032
CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel
4.9.x ...)
+ {DSA-3886-1}
- linux 4.9.25-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a
@@ -5112,6 +5146,7 @@
CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance
(IMSVA) 9.1 ...)
NOT-FOR-US: Trend Micro
CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel
through ...)
+ {DSA-3886-1}
- linux 4.9.25-1
NOTE: Fixed by:
https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was
used ...)
@@ -6057,6 +6092,7 @@
CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4
allows an ...)
NOT-FOR-US: SolarWinds
CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux
kernel ...)
+ {DSA-3886-1}
- linux 4.9.25-1
NOTE: Fixed by:
https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e
CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS
before ...)
@@ -6546,6 +6582,7 @@
CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information
exposure ...)
NOT-FOR-US: authconfig in Red Hat
CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux
kernel ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE: Fixed by:
https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information
leak in ...)
@@ -14781,14 +14818,14 @@
RESERVED
CVE-2017-4988
RESERVED
-CVE-2017-4987
- RESERVED
+CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1
versions ...)
+ TODO: check
CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that
could ...)
NOT-FOR-US: EMC
-CVE-2017-4985
- RESERVED
-CVE-2017-4984
- RESERVED
+CVE-2017-4985 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1
versions ...)
+ TODO: check
+CVE-2017-4984 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1
versions ...)
+ TODO: check
CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0
before ...)
NOT-FOR-US: EMC Data Domain OS
CVE-2017-4982 (EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0,
and ...)
@@ -25403,6 +25440,7 @@
CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound
driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0605 (An elevation of privilege vulnerability in the kernel trace
subsystem ...)
+ {DSA-3886-1}
- linux 4.9.30-1
NOTE: Fixed by:
https://git.kernel.org/linus/e09e28671cda63e6308b31798b997639120e2a21
CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm
power ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
