Page MenuHomeVyOS Platform
Create Task
Maniphest T277

CVE-2017-6074 - linux kernel local (?) privilege escalation
Closed, ResolvedPublic
Actions

Description

https://security-tracker.debian.org/tracker/CVE-2017-6074

Work-around - disable dccp kernel module.

Details

Difficulty level
Easy (less than an hour)
Version
-
Why the issue appeared?
Issues in third-party code

Event Timeline

mickvav created this task.Feb 23 2017, 9:48 AM
syncer added projects: VyOS 1.1.x (1.1.8), VyOS 1.2 Crux (VyOS 1.2.0-rc1).Feb 23 2017, 8:13 PM
syncer edited subscribers, added: VyOS 1.1.x, VyOS 1.2 Crux; removed: mickvav.
UnicronNL added a subscriber: UnicronNL.Apr 30 2017, 11:55 AM

fix for 1.2:
https://github.com/vyos/vyos-kernel/commit/31097c58bc2674bd5f0be5a6d08678af8fcedfa5

syncer added subscribers: mickvav, syncer.Jul 30 2017, 7:47 PM

@mickvav can you assign it to me please

higebu added a subscriber: higebu.EditedAug 20 2017, 12:35 PM

VyOS 1.1.x is not affected. See http://www.cvedetails.com/cve/CVE-2017-6074/

higebu added a comment.Aug 20 2017, 12:47 PM

Sorry. It's wrong. Linux kernel through 4.9.11 is affected. So 1.1.x is affected.

higebu added a comment.Aug 20 2017, 2:39 PM

Fix for 1.1.8: https://github.com/vyos/vyos-kernel/commit/3326adbda316de01bb4b620124e434183bb2d564

syncer changed the edit policy from "Public (No Login Required)" to "Custom Policy".Aug 21 2017, 12:29 AM
syncer set Version to -.
syncer moved this task from Needs Triage to In Progress on the VyOS 1.1.x (1.1.8) board.
syncer assigned this task to higebu.Aug 21 2017, 12:55 AM
mickvav closed this task as Resolved.Aug 28 2017, 4:13 PM

Fine!

syncer moved this task from In Progress to Finished on the VyOS 1.1.x (1.1.8) board.Aug 28 2017, 4:15 PM
syncer added a project: VyOS-1.2.0-GA.Oct 15 2018, 10:42 PM
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.Oct 15 2018, 10:42 PM