mbox series

[SRU,Zesty,Xenial,0/2] Fix for CVE-2017-16939

Message ID 20171201160716.30552-1-kleber.souza@canonical.com
Headers show
Series Fix for CVE-2017-16939 | expand

Message

Kleber Sacilotto de Souza Dec. 1, 2017, 4:07 p.m. UTC 
Patch 2/2 (ipsec: Fix aborted xfrm policy dump) is the real fix and is a
clean cherry-pick for Zesty and Xenial. Patch 1/2 (netlink: add a start
callback for starting a netlink dump) is a pre-requisite and needs to be
applied only for Xenial and is also a clean cherry-pick.

Both tested with the POC available on
https://bugzilla.suse.com/show_bug.cgi?id=1069702.

Herbert Xu (1):
  ipsec: Fix aborted xfrm policy dump crash

Tom Herbert (1):
  netlink: add a start callback for starting a netlink dump

 include/linux/netlink.h  |  2 ++
 include/net/genetlink.h  |  2 ++
 net/netlink/af_netlink.c |  4 ++++
 net/netlink/genetlink.c  | 16 ++++++++++++++++
 net/xfrm/xfrm_user.c     | 25 +++++++++++++++----------
 5 files changed, 39 insertions(+), 10 deletions(-)

Comments

Thadeu Lima de Souza Cascardo Dec. 1, 2017, 4:14 p.m. UTC | #1 
On Fri, Dec 01, 2017 at 05:07:14PM +0100, Kleber Sacilotto de Souza wrote:
> Patch 2/2 (ipsec: Fix aborted xfrm policy dump) is the real fix and is a
> clean cherry-pick for Zesty and Xenial. Patch 1/2 (netlink: add a start
> callback for starting a netlink dump) is a pre-requisite and needs to be
> applied only for Xenial and is also a clean cherry-pick.
> 
> Both tested with the POC available on
> https://bugzilla.suse.com/show_bug.cgi?id=1069702.
> 

Clean cherry picks and tested.

Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

> Herbert Xu (1):
>   ipsec: Fix aborted xfrm policy dump crash
> 
> Tom Herbert (1):
>   netlink: add a start callback for starting a netlink dump
> 
>  include/linux/netlink.h  |  2 ++
>  include/net/genetlink.h  |  2 ++
>  net/netlink/af_netlink.c |  4 ++++
>  net/netlink/genetlink.c  | 16 ++++++++++++++++
>  net/xfrm/xfrm_user.c     | 25 +++++++++++++++----------
>  5 files changed, 39 insertions(+), 10 deletions(-)
> 
> -- 
> 2.14.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Stefan Bader Dec. 4, 2017, 10:08 a.m. UTC | #2 
On 01.12.2017 17:07, Kleber Sacilotto de Souza wrote:
> Patch 2/2 (ipsec: Fix aborted xfrm policy dump) is the real fix and is a
> clean cherry-pick for Zesty and Xenial. Patch 1/2 (netlink: add a start
> callback for starting a netlink dump) is a pre-requisite and needs to be
> applied only for Xenial and is also a clean cherry-pick.
> 
> Both tested with the POC available on
> https://bugzilla.suse.com/show_bug.cgi?id=1069702.
> 
> Herbert Xu (1):
>   ipsec: Fix aborted xfrm policy dump crash
> 
> Tom Herbert (1):
>   netlink: add a start callback for starting a netlink dump
> 
>  include/linux/netlink.h  |  2 ++
>  include/net/genetlink.h  |  2 ++
>  net/netlink/af_netlink.c |  4 ++++
>  net/netlink/genetlink.c  | 16 ++++++++++++++++
>  net/xfrm/xfrm_user.c     | 25 +++++++++++++++----------
>  5 files changed, 39 insertions(+), 10 deletions(-)
> 
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Thadeu Lima de Souza Cascardo Dec. 4, 2017, 10:40 a.m. UTC | #3 
Applied to xenial master-next branch.

Thanks.
Cascardo.

Applied-to: xenial/master-next