github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-19 17:26:28 +00:00
Code Issues Projects Releases Wiki Activity

docs: add a blurb about CVE-2017-1000363

Browse Source 
As of the time of this patch, the CVE was not available yet in the mitre
db.

Signed-off-by: Tycho Andersen <tycho@docker.com>
This commit is contained in:
Tycho Andersen 2017-05-23 16:03:00 -06:00
parent 72ad8ac3a3
commit 90c7047973
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/security-events.md
View File

@ -5,6 +5,8 @@ The incomplete list below is an assessment of some CVEs, and LinuxKit's resilien
### Bugs mitigated:
* [CVE-2017-1000363](http://www.openwall.com/lists/oss-security/2017/05/23/16):
This CVE requires `CONFIG_PRINTER=y`, so we are not vulnerable.
* [CVE-2017-2636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636)
([exploit post](https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html)):
This CVE requires `CONFIG_N_HDLC={y|m}`, which LinuxKit does not specify, and so