mbox series

[SRU,Trusty,Artful,Bionic,0/1] Fix for CVE-2017-17448

Message ID	20180201102927.15920-1-kleber.souza@canonical.com
Headers	show Return-Path: <kernel-team-bounces@lists.ubuntu.com> From: Kleber Sacilotto de Souza <kleber.souza@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU][Trusty][Artful][Bionic][PATCH 0/1] Fix for CVE-2017-17448 Date: Thu, 1 Feb 2018 11:29:25 +0100 Message-Id: <20180201102927.15920-1-kleber.souza@canonical.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>
Series	Fix for CVE-2017-17448 \| expand [SRU,Trusty,Artful,Bionic,0/1] Fix for CVE-2017-17448 [SRU,Trusty,1/1] netfilter: nfnetlink_cthelper: Add missing permission checks

Message ID

20180201102927.15920-1-kleber.souza@canonical.com

Headers

From: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Trusty][Artful][Bionic][PATCH 0/1] Fix for CVE-2017-17448
Date: Thu,  1 Feb 2018 11:29:25 +0100
Message-Id: <20180201102927.15920-1-kleber.souza@canonical.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Series

Fix for CVE-2017-17448 | expand

Message

Kleber Sacilotto de Souza Feb. 1, 2018, 10:29 a.m. UTC

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17448.html

Simple backport for Trusty only for context adjustment, and clean cherry
pick for Artful and Bionic. The fix for Xenial is already on the queue
with the upstream stable update to 4.4.114.

Kevin Cernekee (1):
  netfilter: nfnetlink_cthelper: Add missing permission checks

 net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

Seth Forshee Feb. 1, 2018, 10:36 a.m. UTC | #1

On Thu, Feb 01, 2018 at 11:29:25AM +0100, Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17448.html
> 
> Simple backport for Trusty only for context adjustment, and clean cherry
> pick for Artful and Bionic. The fix for Xenial is already on the queue
> with the upstream stable update to 4.4.114.

Acked-by: Seth Forshee <seth.forshee@canonical.com>

For bionic, this commit was already in the 4.14.16 stable update that I
applied earlier today.

Marcelo Henrique Cerri Feb. 1, 2018, 12:27 p.m. UTC | #2

Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>

Khalid Elmously Feb. 3, 2018, 2:33 a.m. UTC | #3

On 2018-02-01 11:29:25 , Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17448.html
> 
> Simple backport for Trusty only for context adjustment, and clean cherry
> pick for Artful and Bionic. The fix for Xenial is already on the queue
> with the upstream stable update to 4.4.114.
> 
> Kevin Cernekee (1):
>   netfilter: nfnetlink_cthelper: Add missing permission checks
> 
>  net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 

Acked-by: Khalid Elmously <khalid.elmously@canonical.com>

Khalid Elmously Feb. 17, 2018, 4:55 a.m. UTC | #4

Applied to artful and trusty


On 2018-02-01 11:29:25 , Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17448.html
> 
> Simple backport for Trusty only for context adjustment, and clean cherry
> pick for Artful and Bionic. The fix for Xenial is already on the queue
> with the upstream stable update to 4.4.114.
> 
> Kevin Cernekee (1):
>   netfilter: nfnetlink_cthelper: Add missing permission checks
> 
>  net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> -- 
> 2.14.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Kleber Sacilotto de Souza Feb. 28, 2018, 6:13 p.m. UTC | #5

On 02/01/18 11:29, Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17448.html
> 
> Simple backport for Trusty only for context adjustment, and clean cherry
> pick for Artful and Bionic. The fix for Xenial is already on the queue
> with the upstream stable update to 4.4.114.
> 
> Kevin Cernekee (1):
>   netfilter: nfnetlink_cthelper: Add missing permission checks
> 
>  net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 

Applied to trusty/master-next branch.

Thanks,
Kleber

Kleber Sacilotto de Souza March 1, 2018, 10:02 a.m. UTC | #6

On 02/01/18 11:29, Kleber Sacilotto de Souza wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17448.html
> 
> Simple backport for Trusty only for context adjustment, and clean cherry
> pick for Artful and Bionic. The fix for Xenial is already on the queue
> with the upstream stable update to 4.4.114.
> 
> Kevin Cernekee (1):
>   netfilter: nfnetlink_cthelper: Add missing permission checks
> 
>  net/netfilter/nfnetlink_cthelper.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 

Applied this patch as well to xenial/master-next-backlog since the
upstream update to 4.4.114 hasn't been prepared yet.

Thanks,
Kleber