From b566b491d4003efd31631a893bc3434fc670189f Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Mon, 29 Jan 2018 08:45:31 +0100 Subject: Updated security report. Added new CVE fixes. Signed-off-by: Sona Sarmadi --- doc/book-enea-linux-security-report | 44 ++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/doc/book-enea-linux-security-report b/doc/book-enea-linux-security-report index d1d4bdb..72a8f34 100644 --- a/doc/book-enea-linux-security-report +++ b/doc/book-enea-linux-security-report 
@@ -1,14 +1,32 @@ +CVE-i2017-1000380 +Package: kernel +Score: 2.1 (Low) +Description: sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. +Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1000380 + CVE-2017-1000253 Package: kernel Score: 8.0 (High) Description: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.Upstream patch:https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-1000253 -CVE-1000380 -Package: kernel -Score: 2.1 (Low) -Description: sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. -Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1000380 +CVE-2017-1000250 +Package: bluez5 +Score: 3.3 (Minor) +Description: All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. 
+Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250 + +CVE-2017-13081 +Package: linux-firmware +Score: 2.9 (Minor) +Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. +Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 + +CVE-2017-13080 +Package: linux-firmware +Score: 2.9 (Minor) +Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. +Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 CVE-2017-9955 Package: GNU Binutils 
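Review bot: the new first entry is added under a mistyped identifier, `+CVE-i2017-1000380` (stray `i`), and its Ref line `+Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1000380` still omits the year, so the link resolves to nothing; both should read `CVE-2017-1000380`. The move merely re-orders the block that the `-CVE-1000380` lines remove, so this was the chance to fix the missing year rather than carry it over. Two smaller points in the same hunk: the severity vocabulary is inconsistent (`Score: 2.1 (Low)` for the kernel entry, but `Score: 3.3 (Minor)` and `Score: 2.9 (Minor)` for bluez5 and linux-firmware at comparable CVSS values), pick one label set; and the package attribution `Package: linux-firmware` for CVE-2017-13080/13081 should be double-checked against what was actually patched in the build, since the GTK/IGTK reinstallation on the client side is fixed in wpa_supplicant (and hostapd for the AP side), with linux-firmware only relevant where the group-key handshake is offloaded to the Wi-Fi firmware. The unchanged context line `Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-1000253` also has a space after `name=` that breaks that URL.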
@@ -1034,18 +1052,4 @@ CVE-2014-9365 Package: python Score: 5.8 (Medium) Description: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. -Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365 - -CVE-1000380 -Package: kernel -Score: 2.1 (Low) -Description: sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. -Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1000380 - - CVE-2017-1000253 -Package: kernel -Score: 8.0 (High) -Description: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.Upstream patch:https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 -Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-1000253 - - +Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365 -- cgit v1.2.3-54-g00ecf
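Review bot: dropping the two trailing duplicates (`-CVE-1000380` and `- CVE-2017-1000253` were already present at the top of the file) is the right fix, but the surviving copy of the CVE-2017-1000253 entry keeps the same defects that are being deleted here: `Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-1000253` has a space after `name=`, and `system.Upstream patch:https://git.kernel.org/...` runs the upstream-patch reference into the description with no separator. Apply the dedupe together with those corrections in the first hunk, otherwise the report still ships a broken reference for its only High-scored kernel fix. The trailing `- -` and `+Ref: ...CVE-2014-9365` lines also change the file ending; confirm the file still ends with a newline so the next appended entry is not glued to this one.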