Differences

releases:17.01:changelog-17.01.3 [2017/10/02 16:08] – fix false positive bug reference jow
releases:17.01:changelog-17.01.3 [2017/10/02 16:33] – sort CVEs numerically jow
Line 275: Line 275:
  
 ===== Security fixes ==== ===== Security fixes ====
-=== CVE-2017-1000100 === +=== CVE-2017-7407 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100]]\\+**Description:** <nowiki>The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407]]\\
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-1000101 === +=== CVE-2017-7468 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101]]\\+**Description:** <nowiki>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468]]\\
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-1000111 === +=== CVE-2017-7508 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111]]\\+**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508]]\\
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-1000112 === +=== CVE-2017-7512 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112]]\\+**Description:** <nowiki>Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7520 === 
 +**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7521 === 
 +**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7522 === 
 +**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7533 === 
 +**Description:** <nowiki>Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533]]\\
 **Commits:**\\ **Commits:**\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\
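Review bot: the CVE-2017-7512 section moved up in this hunk is still attributed to the openvpn "update to 2.4.3" commit (57289ae), but its own description is the Red Hat 3scale text, which states that any source listing both CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed only CVE-2017-7521. CVE-2017-7521 already has its own section against the same commit, so the CVE-2017-7512 section should be dropped rather than re-sorted. The CVE-2017-7468 description is also still the "** RESERVED **" placeholder and says nothing about what the curl commit 7ab8bf1 fixes, so it is worth replacing or omitting until the published text is available.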
Line 947: Line 983:
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e232c6754d6e0cbde3892aa1fa243f4707d7ad5e|e232c67]]'' **<nowiki>mbedtls:</nowiki>** <nowiki>update to 2.6.0 CVE-2017-14032</nowiki> //<color #ccc>(</color><color #282>+30</color><color #ccc>,</color><color #f00>-30</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e232c6754d6e0cbde3892aa1fa243f4707d7ad5e|e232c67]]'' **<nowiki>mbedtls:</nowiki>** <nowiki>update to 2.6.0 CVE-2017-14032</nowiki> //<color #ccc>(</color><color #282>+30</color><color #ccc>,</color><color #f00>-30</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7407 === +=== CVE-2017-1000100 === 
-**Description:** <nowiki>The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407]]\\+
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7468 === +=== CVE-2017-1000101 === 
-**Description:** <nowiki>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468]]\\+
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7508 === +=== CVE-2017-1000111 === 
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508]]\\+
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7512 === +=== CVE-2017-1000112 === 
-**Description:** <nowiki>Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7520 === +
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7521 === +
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7522 === +
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7533 === +
-**Description:** <nowiki>Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533]]\\+
 **Commits:**\\ **Commits:**\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\
 \\ \\
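Review bot: the four sections moved to this position (CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000111, CVE-2017-1000112) have only a **Link:** and **Commits:** line and no **Description:** line, unlike the CVE-2017-7xxx sections they replace here. With the curl commit f483a35 titled only "fix security problems" and the kernel commit 4a1b87a titled "update 4.4 to 4.4.83", a reader cannot tell from the changelog what each of these CVEs covers; add the description text for them in the same format as the other entries. The ordering itself looks right, since these IDs sort after CVE-2017-14032 in the context line above.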
  • Last modified: 2017/10/03 12:36
  • by stintel