[Git][cip-project/cip-kernel/cip-kernel-sec][master] 2 commits: Mark CVE-2019-11487 to be ignored for 3.16 and 4.4


Agustin Benito Bethencourt
 

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

  • 45959f97
    by Ben Hutchings at 2019-06-13T21:07:43Z
    Mark CVE-2019-11487 to be ignored for 3.16 and 4.4
    
  • f06464f8
    by Ben Hutchings at 2019-06-13T21:12:52Z
    Mark eBPF filter denial-of-service to be ignored for 4.4
    

2 changed files:

Changes:

  • issues/CVE-2018-ebpf-filter-dos.yml
    1 1
     description: Ability to fill entire module space with eBPF JIT socket filters
    
    2 2
     comments:
    
    3 3
       Debian-bwh: This should be minor for Debian because we don't enable JIT by default.
    
    4
    +  bwh: |
    
    5
    +    It was not safe to enable BPF JIT for unprivileged users before
    
    6
    +    commit 4f3446bb809f "bpf: add generic constant blinding for use in
    
    7
    +    jits" in Linux 4.7, so this can be ignored for older versions.
    
    4 8
     introduced-by:
    
    5 9
       linux-4.14.y: [6fde36d5ce7ba4303865d5e11601cd3094e5909b]
    
    6 10
       linux-4.4.y: [28c486744e6de4d882a1d853aa63d99fcba4b7a6]
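
Review bot: "so this can be ignored for older versions" in the new bwh comment does not say which branches count as older, and the existing Debian-bwh line above it gives a different condition (JIT not enabled by default) from the new one (JIT not safe for unprivileged users before Linux 4.7). Suggest wording it as "ignored for branches based on versions before Linux 4.7" so it matches the branches named under ignore and a reader does not have to reconcile the two comments.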
    
    ... ... @@ -10,3 +14,6 @@ introduced-by:
    10 14
     fixed-by:
    
    11 15
       linux-4.19.y: [43caa29c99db5a41b204e8ced01b00e151335ca8]
    
    12 16
       mainline: [ede95a63b5e84ddeea6b0c473b36ab8bfd8c6ce3]
    
    17
    +ignore:
    
    18
    +  linux-4.4.y: Unprivileged BPF JIT should not be enabled
    
    19
    +  linux-4.4.y-cip: Unprivileged BPF JIT should not be enabled
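
Review bot: The reason "Unprivileged BPF JIT should not be enabled" on both ignore entries describes how systems ought to be configured, while introduced-by still lists linux-4.4.y, so the flaw remains present in that branch for anyone who does enable the JIT. Suggest making the reason say so explicitly, for example by pointing at commit 4f3446bb809f from the bwh comment, so the entry reads as "affected only with an unsafe configuration" rather than "not affected".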

  • issues/CVE-2019-11487.yml
    ... ... @@ -36,3 +36,7 @@ fixed-by:
    36 36
         ad73e3a199066ad9bf48ea1334ef312e5aa078f4, 258fc3baeb4b2da15391735fd806facf4a91b585]
    
    37 37
       mainline: [15fab63e1e57be9fdb5eec1bbc5916e9825e9acb, 88b1a17dfc3ed7728316478fae0f5ad508f50397,
    
    38 38
         8fde12ca79aff9b5ba951fce1a2641901b8d8e64, f958d7b528b1b40c44cfda5eabe2d82760d868c3]
    
    39
    +ignore:
    
    40
    +  linux-3.16.y: Minor issue, difficult to backport fix
    
    41
    +  linux-4.4.y: Minor issue, difficult to backport fix
    
    42
    +  linux-4.4.y-cip: Minor issue, difficult to backport fix
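
Review bot: The three ignore entries give "Minor issue, difficult to backport fix" as the reason, but nothing in the visible lines records why the issue is minor or which of the listed mainline fixes is hard to backport. Suggest adding a comments entry, as was done for the eBPF issue in this push, that states the severity reasoning and the backport obstacle so the decision can be revisited if either changes.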
