anonym wrote (02 Apr 2014 14:50:51 GMT) :
> Looking at the Debian changelog for the Linux kernel it seems only these
> changes have CVE:s:

Thanks! I've had a look (details below) and my conclusion is that...
I'm unsure if it's worth taking the risk of introducing regressions in
1.0. Other opinions?

> * nfqueue: Orphan frags in nfqnl_zcopy() and handle errors
>   (CVE-2014-2568)

Info leak triggered from the LAN.

> * cifs: ensure that uncached writes handle unmapped areas correctly
>   (CVE-2014-0069)

I don't care much about cifs in Tails.

> * kvm: x86: fix emulator buffer overflow (CVE-2014-0049)

Only affects KVM hosts, so n/a.

> * net: fix for a race condition in the inet frag code (CVE-2014-0100)

use-after-free => DoS and "possibly [...] unspecified other impact"
Over ICMP, so generally exploitable only on the LAN.
Requires high CPU load on the attacked system.

This one seems worth fixing.

> * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
>   (CVE-2014-0101)

I don't care much about sctp in Tails.

> * KEYS: Make the keyring cycle detector ignore other keyrings of the
>   same name (CVE-2014-0102)

Local users can trigger oops. No big deal.

> * skbuff: skb_segment: orphan frags before copying (CVE-2014-0131)

Info leak triggered from the LAN.

> * ipv6: don't set DST_NOCOUNT for remotely added routes (CVE-2014-2309)

n/a, we block external IPv6.

> Another good resource is
> <http://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/Linux-Linux-Kernel.html>
> where we can see CVE:s not fixed in any Debian kernel yet as well.

FWIW, I was not able to use this web site to give me any
Debian-specific information. The Debian security tracker feels more
useful to me:
https://security-tracker.debian.org/tracker/source-package/linux

Cheers!
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc