Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f12c2a00 by Salvatore Bonaccorso at 2021-05-21T06:22:24+02:00
Sync some linux CVEs with kernel-sec information
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3738,6 +3738,7 @@ CVE-2021-3514 [sync_repl NULL pointer dereference in
sync_create_state_control()
NOTE: https://github.com/389ds/389-ds-base/issues/4711
CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1
performs unde ...)
- linux 5.10.38-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before
1.13.1.0 ...)
NOT-FOR-US: OpenDistro for Elasticsearch
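Review bot: the new `[stretch] - linux <not-affected> (Vulnerable code not present)` line for CVE-2021-31829 has nothing in the entry to back it; the only NOTE is the oss-security post. Suggest adding a NOTE with the upstream commit that introduced the affected verifier code, so the stretch status can be checked against its kernel version.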
@@ -4493,6 +4494,7 @@ CVE-2021-3507 (A heap buffer overflow was found in the
floppy disk emulator of Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in
fs/f2fs/node.c ...)
- linux 5.10.38-1
+ [stretch] - linux <ignored> (f2fs is not supportable)
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
NOTE:
https://lore.kernel.org/lkml/[email protected]/
CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver
has cap_ ...)
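Review bot: `<ignored> (f2fs is not supportable)` on CVE-2021-3506 leaves stretch recorded as affected with no fix planned, and the reason points to no record of that support decision. Suggest a NOTE linking where the f2fs support position for stretch is documented, so readers of the tracker can tell this is a policy choice rather than a triage gap.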
@@ -4717,6 +4719,8 @@ CVE-2021-31417 (This vulnerability allows local attackers
to disclose sensitive
NOT-FOR-US: Parallels Desktop
CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12.
The valu ...)
- linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerability introduced later)
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE:
https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
CVE-2021-31416
RESERVED
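Review bot: for CVE-2021-3501 the two added lines mark buster and stretch `<not-affected> (Vulnerability introduced later)`, but the entry gives only an upper bound ("versions before 5.12") and a single git.kernel.org commit, 04c4f2ee3f68. Suggest a NOTE naming the introducing commit or first affected version; one line would justify both release statuses.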
@@ -6766,6 +6770,7 @@ CVE-2021-3494 (A smart proxy that provides a restful API
to various sub-systems
- foreman <itp> (bug #663101)
CVE-2021-3493 (The overlayfs implementation in the linux kernel did not
properly vali ...)
- linux 5.10.38-1
+ [stretch] - linux <not-affected> (Unprivileged users cannot mount
overlayfs)
NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
CVE-2021-30501
RESERVED
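Review bot: the stretch reason added for CVE-2021-3493, `(Unprivileged users cannot mount overlayfs)`, is a reachability argument rather than a statement that the code is absent or fixed. Suggest stating in the reason or in a NOTE whether this holds for every supported stretch kernel configuration or only the default one, since `<not-affected>` marks stretch as needing no fix.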
@@ -7602,9 +7607,11 @@ CVE-2020-36312 (An issue was discovered in the Linux
kernel before 5.8.10. virt/
NOTE:
https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e
CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9.
arch/x86/kvm/s ...)
- linux 5.9.1-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8.
arch/x86/kvm/s ...)
- linux 5.8.7-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE:
https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in
OpenResty ...)
- nginx <unfixed> (bug #986787)
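Review bot: the two neighbouring KVM entries get different stretch reasons, `(Vulnerable code not present)` for CVE-2020-36311 and `(Vulnerability introduced later)` for CVE-2020-36310, while each entry's NOTE lists only a single git.kernel.org commit. If the distinction is deliberate, a NOTE with the introducing commit on CVE-2020-36310 would make it checkable; if not, use one wording for both.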
@@ -51677,6 +51684,7 @@ CVE-2020-24505 (Insufficient input validation in the
firmware for the Intel(R) 7
NOT-FOR-US: Intel NIC firmware
CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet
E810 Adapt ...)
- linux <unfixed>
+ [stretch] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810
Adapter dri ...)
- linux <undetermined>
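Review bot: CVE-2020-24504 gets `[stretch] - linux <not-affected> (Vulnerable code not present)`, but CVE-2020-24503 directly below, whose description also names the Intel(R) Ethernet E810 adapter, stays at `- linux <undetermined>` with no stretch line. If the stretch finding rests on the E810 driver being absent, check whether the same status applies to CVE-2020-24503 and sync it in the same change.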
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f12c2a00b3326b880f4780de22aa7e0371c2e1e5