Author: sectracker Date: 2017-06-19 21:10:17 +0000 (Mon, 19 Jun 2017) New Revision: 52719
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-19 20:10:23 UTC (rev 52718) +++ data/CVE/list 2017-06-19 21:10:17 UTC (rev 52719) @@ -1,29 +1,55 @@ -CVE-2017-1000364 +CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before ...) + TODO: check +CVE-2017-9762 (The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...) + TODO: check +CVE-2017-9761 (The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote ...) + TODO: check +CVE-2017-9760 + RESERVED +CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the ...) + TODO: check +CVE-2017-9758 + RESERVED +CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via ...) + TODO: check +CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack ...) + TODO: check +CVE-2017-1000374 (A flaw exists in NetBSD's implementation of the stack guard page that ...) + TODO: check +CVE-2017-1000373 (The OpenBSD qsort() function is recursive, and not randomized, an ...) + TODO: check +CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard page that ...) + TODO: check +CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on Linux, ...) + {DSA-3886-1} - linux <unfixed> [stretch] - linux 4.9.30-2+deb9u1 NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000365 +CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...) - linux <unfixed> NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000366 +CVE-2017-1000366 (glibc contains a vulnerability that allows specially crafted ...) + {DSA-3887-1 DLA-992-1} - glibc <unfixed> - eglibc <removed> NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000369 +CVE-2017-1000369 (Exim supports the use of multiple "-p" command line arguments which ...) + {DSA-3888-1} - exim4 <unfixed> NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000370 +CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a ...) - linux <unfixed> NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000371 +CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a ...) - linux <unfixed> NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000376 +CVE-2017-1000376 (libffi requests an executable stack allowing attackers to more easily ...) + {DSA-3889-1} - libffi 3.2.1-4 NOTE: https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d NOTE: and additionally cf. #751907 for the configure flag. NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000377 +CVE-2017-1000377 (An issue was discovered in the size of the default stack guard page on ...) NOT-FOR-US: GRSecurity/PAX Linux specific assignment CVE-2017-9756 (The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU ...) - binutils <unfixed> (low) @@ -140,8 +166,8 @@ RESERVED CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for ...) NOT-FOR-US: Poky for Yocto Project -CVE-2017-9730 - RESERVED +CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and ...) + TODO: check CVE-2017-9729 (In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...) - uclibc <undetermined> TODO: check and check uclibc-ng @@ -418,12 +444,11 @@ NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8 NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197 NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt -CVE-2017-1000379 - RESERVED +CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map the ...) - linux <unfixed> NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt -CVE-2017-1000378 - RESERVED +CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an ...) + TODO: check CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...) - linux <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2 @@ -1536,6 +1561,7 @@ [jessie] - picocom <no-dsa> (Minor issue) NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a CVE-2017-9241 @@ -2055,15 +2081,19 @@ [wheezy] - dropbear <not-affected> (Vulnerable code not present) NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52 CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52 CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8 CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1 CVE-2017-9073 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...) @@ -2489,9 +2519,11 @@ CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to ...) NOT-FOR-US: Halliburton LogView Pro CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...) + {DSA-3886-1} - linux 4.9.16-1 (low) NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8 CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the ...) + {DSA-3886-1} - linux 4.9.16-1 (low) NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...) @@ -2601,6 +2633,7 @@ CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...) NOT-FOR-US: ASUS CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...) @@ -4688,6 +4721,7 @@ - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032 CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x ...) + {DSA-3886-1} - linux 4.9.25-1 [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a @@ -5112,6 +5146,7 @@ CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...) NOT-FOR-US: Trend Micro CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...) + {DSA-3886-1} - linux 4.9.25-1 NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309 CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...) @@ -6057,6 +6092,7 @@ CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...) NOT-FOR-US: SolarWinds CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel ...) + {DSA-3886-1} - linux 4.9.25-1 NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before ...) @@ -6546,6 +6582,7 @@ CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure ...) NOT-FOR-US: authconfig in Red Hat CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80 CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...) @@ -14781,14 +14818,14 @@ RESERVED CVE-2017-4988 RESERVED -CVE-2017-4987 - RESERVED +CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...) + TODO: check CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could ...) NOT-FOR-US: EMC -CVE-2017-4985 - RESERVED -CVE-2017-4984 - RESERVED +CVE-2017-4985 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...) + TODO: check +CVE-2017-4984 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...) + TODO: check CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before ...) NOT-FOR-US: EMC Data Domain OS CVE-2017-4982 (EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and ...) @@ -25403,6 +25440,7 @@ CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0605 (An elevation of privilege vulnerability in the kernel trace subsystem ...) + {DSA-3886-1} - linux 4.9.30-1 NOTE: Fixed by: https://git.kernel.org/linus/e09e28671cda63e6308b31798b997639120e2a21 CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits