[PULL,linux-euclid] CVE fixes

Message ID CAH10aOhwf=8Uaw56qEO+RhBdeSKz+kTbbBoWjfRE6jMfOkrDjw@mail.gmail.com
State New

Pull-request

https://git.launchpad.net/~wenchien/+git/xenial euclid-cve

Message

Wen-chien Jesse Sung Oct. 6, 2017, 9:17 a.m. UTC
Fixes for the red blocks in the CVE matrix for linux-euclid:

* CVE-2017-7308
* CVE-2017-1000111
* CVE-2017-1000112
* CVE-2017-1000251
* CVE-2017-1000364
* CVE-2017-2636
* CVE-2017-7184
* CVE-2017-7374
* CVE-2017-7533

----------------------------------------------------------------
The following changes since commit 8c20a90db922776b010d6fff5351ab96ed779a99:

  UBUNTU: Ubuntu-4.4.0-9018.18 (2017-05-10 17:45:02 +0800)

are available in the git repository at:

  https://git.launchpad.net/~wenchien/+git/xenial euclid-cve

for you to fetch changes up to d2d623f8866fc310deb81cad2fc43e0dfffbe735:

  dentry name snapshots (2017-10-06 16:53:33 +0800)

----------------------------------------------------------------
Al Viro (1):
      dentry name snapshots

Alexander Popov (1):
      tty: n_hdlc: get rid of racy n_hdlc.tbuf

Alexey Kodanev (1):
      udp: avoid ufo handling on IP payload compression packets

Andrea Arcangeli (1):
      mm: vma_adjust: remove superfluous confusing update in remove_next == 1 case

Andrey Konovalov (3):
      net/packet: fix overflow in check for priv area size
      net/packet: fix overflow in check for tp_frame_nr
      net/packet: fix overflow in check for tp_reserve

Andy Whitcroft (2):
      xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
      xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder

Ben Seri (1):
      Bluetooth: Properly check L2CAP config option output buffer length

Eric Biggers (1):
      fscrypt: remove broken support for detecting keyring key revocation

Helge Deller (1):
      Allow stack to grow up to address space limit

Hugh Dickins (2):
      mm: larger stack guard gap, between vmas
      mm: fix new crash in unmapped_area_topdown()

Jakub Sitnicki (1):
      ipv6: Don't use ufo handling on later transformed packets

Jiri Slaby (1):
      TTY: n_hdlc, fix lockdep false positive

Michal Hocko (1):
      mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack

Michal Kubeček (1):
      net: account for current skb length when deciding about UFO

Oleg Nesterov (1):
      mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

Willem de Bruijn (2):
      packet: fix tp_reserve race in packet_set_ring
      udp: consistently apply ufo or fragmentation

Zheng Li (1):
      ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output

zheng li (1):
      ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output

 Documentation/kernel-parameters.txt |   7 ++
 arch/arc/mm/mmap.c                  |   2 +-
 arch/arm/mm/mmap.c                  |   4 +-
 arch/frv/mm/elf-fdpic.c             |   2 +-
 arch/mips/mm/mmap.c                 |   2 +-
 arch/parisc/kernel/sys_parisc.c     |  15 ++--
 arch/powerpc/mm/slice.c             |   2 +-
 arch/s390/mm/mmap.c                 |   4 +-
 arch/sh/mm/mmap.c                   |   4 +-
 arch/sparc/kernel/sys_sparc_64.c    |   4 +-
 arch/sparc/mm/hugetlbpage.c         |   2 +-
 arch/tile/mm/hugetlbpage.c          |   2 +-
 arch/x86/kernel/sys_x86_64.c        |   4 +-
 arch/x86/mm/hugetlbpage.c           |   2 +-
 arch/xtensa/kernel/syscall.c        |   2 +-
 drivers/tty/n_hdlc.c                | 143 ++++++++++++++++----------------
 fs/dcache.c                         |  27 ++++++
 fs/debugfs/inode.c                  |  10 +--
 fs/ext4/crypto_key.c                |  28 ++-----
 fs/ext4/ext4.h                      |  14 +---
 fs/ext4/ext4_crypto.h               |   1 -
 fs/f2fs/crypto_key.c                |  28 ++-----
 fs/f2fs/f2fs.h                      |  14 +---
 fs/f2fs/f2fs_crypto.h               |   1 -
 fs/hugetlbfs/inode.c                |   2 +-
 fs/namei.c                          |   8 +-
 fs/notify/fsnotify.c                |   8 +-
 fs/proc/task_mmu.c                  |   4 -
 include/linux/dcache.h              |   6 ++
 include/linux/fsnotify.h            |  31 -------
 include/linux/mm.h                  |  53 ++++++------
 mm/gup.c                            |   5 --
 mm/memory.c                         |  38 ---------
 mm/mmap.c                           | 158 ++++++++++++++++++++++--------------
 net/bluetooth/l2cap_core.c          |  80 +++++++++---------
 net/ipv4/ip_output.c                |   9 +-
 net/ipv4/udp.c                      |   2 +-
 net/ipv6/ip6_output.c               |   9 +-
 net/packet/af_packet.c              |  21 +++--
 net/xfrm/xfrm_user.c                |   9 +-
 40 files changed, 366 insertions(+), 401 deletions(-)

Comments

Kleber Sacilotto de Souza Oct. 6, 2017, 4:10 p.m. UTC | #1
On 10/06/2017 11:17 AM, Jesse Sung wrote:
> Fixes for the red blocks in the CVE matrix for linux-euclid:
>
> * CVE-2017-7308
> * CVE-2017-1000111
> * CVE-2017-1000112
> * CVE-2017-1000251
> * CVE-2017-1000364
> * CVE-2017-2636
> * CVE-2017-7184
> * CVE-2017-7374
> * CVE-2017-7533
>
> ----------------------------------------------------------------
> The following changes since commit 8c20a90db922776b010d6fff5351ab96ed779a99:
>
>   UBUNTU: Ubuntu-4.4.0-9018.18 (2017-05-10 17:45:02 +0800)
>
> are available in the git repository at:
>
>   https://git.launchpad.net/~wenchien/+git/xenial euclid-cve
>
> for you to fetch changes up to d2d623f8866fc310deb81cad2fc43e0dfffbe735:
>
>   dentry name snapshots (2017-10-06 16:53:33 +0800)
>
> ----------------------------------------------------------------
> Al Viro (1):
>       dentry name snapshots
>
> Alexander Popov (1):
>       tty: n_hdlc: get rid of racy n_hdlc.tbuf
>
> Alexey Kodanev (1):
>       udp: avoid ufo handling on IP payload compression packets
>
> Andrea Arcangeli (1):
>       mm: vma_adjust: remove superfluous confusing update in
> remove_next == 1 case
>
> Andrey Konovalov (3):
>       net/packet: fix overflow in check for priv area size
>       net/packet: fix overflow in check for tp_frame_nr
>       net/packet: fix overflow in check for tp_reserve
>
> Andy Whitcroft (2):
>       xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
>       xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
>
> Ben Seri (1):
>       Bluetooth: Properly check L2CAP config option output buffer length
>
> Eric Biggers (1):
>       fscrypt: remove broken support for detecting keyring key revocation
>
> Helge Deller (1):
>       Allow stack to grow up to address space limit
>
> Hugh Dickins (2):
>       mm: larger stack guard gap, between vmas
>       mm: fix new crash in unmapped_area_topdown()
>
> Jakub Sitnicki (1):
>       ipv6: Don't use ufo handling on later transformed packets
>
> Jiri Slaby (1):
>       TTY: n_hdlc, fix lockdep false positive
>
> Michal Hocko (1):
>       mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
>
> Michal Kubeček (1):
>       net: account for current skb length when deciding about UFO
>
> Oleg Nesterov (1):
>       mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
>
> Willem de Bruijn (2):
>       packet: fix tp_reserve race in packet_set_ring
>       udp: consistently apply ufo or fragmentation
>
> Zheng Li (1):
>       ipv6: Should use consistent conditional judgement for ip6
> fragment between __ip6_append_data and ip6_finish_output
>
> zheng li (1):
>       ipv4: Should use consistent conditional judgement for ip
> fragment in __ip_append_data and ip_finish_output
>
>  Documentation/kernel-parameters.txt |   7 ++
>  arch/arc/mm/mmap.c                  |   2 +-
>  arch/arm/mm/mmap.c                  |   4 +-
>  arch/frv/mm/elf-fdpic.c             |   2 +-
>  arch/mips/mm/mmap.c                 |   2 +-
>  arch/parisc/kernel/sys_parisc.c     |  15 ++--
>  arch/powerpc/mm/slice.c             |   2 +-
>  arch/s390/mm/mmap.c                 |   4 +-
>  arch/sh/mm/mmap.c                   |   4 +-
>  arch/sparc/kernel/sys_sparc_64.c    |   4 +-
>  arch/sparc/mm/hugetlbpage.c         |   2 +-
>  arch/tile/mm/hugetlbpage.c          |   2 +-
>  arch/x86/kernel/sys_x86_64.c        |   4 +-
>  arch/x86/mm/hugetlbpage.c           |   2 +-
>  arch/xtensa/kernel/syscall.c        |   2 +-
>  drivers/tty/n_hdlc.c                | 143 ++++++++++++++++----------------
>  fs/dcache.c                         |  27 ++++++
>  fs/debugfs/inode.c                  |  10 +--
>  fs/ext4/crypto_key.c                |  28 ++-----
>  fs/ext4/ext4.h                      |  14 +---
>  fs/ext4/ext4_crypto.h               |   1 -
>  fs/f2fs/crypto_key.c                |  28 ++-----
>  fs/f2fs/f2fs.h                      |  14 +---
>  fs/f2fs/f2fs_crypto.h               |   1 -
>  fs/hugetlbfs/inode.c                |   2 +-
>  fs/namei.c                          |   8 +-
>  fs/notify/fsnotify.c                |   8 +-
>  fs/proc/task_mmu.c                  |   4 -
>  include/linux/dcache.h              |   6 ++
>  include/linux/fsnotify.h            |  31 -------
>  include/linux/mm.h                  |  53 ++++++------
>  mm/gup.c                            |   5 --
>  mm/memory.c                         |  38 ---------
>  mm/mmap.c                           | 158 ++++++++++++++++++++++--------------
>  net/bluetooth/l2cap_core.c          |  80 +++++++++---------
>  net/ipv4/ip_output.c                |   9 +-
>  net/ipv4/udp.c                      |   2 +-
>  net/ipv6/ip6_output.c               |   9 +-
>  net/packet/af_packet.c              |  21 +++--
>  net/xfrm/xfrm_user.c                |   9 +-
>  40 files changed, 366 insertions(+), 401 deletions(-)
>

All the high and critical CVEs have been addressed and the fixes match
the ones applied on xenial/master.

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Juerg Haefliger Oct. 9, 2017, 9:48 a.m. UTC | #2
On 10/06/2017 11:17 AM, Jesse Sung wrote:
> Fixes for the red blocks in the CVE matrix for linux-euclid:
> 
> * CVE-2017-7308
> * CVE-2017-1000111
> * CVE-2017-1000112
> * CVE-2017-1000251
> * CVE-2017-1000364
> * CVE-2017-2636
> * CVE-2017-7184
> * CVE-2017-7374
> * CVE-2017-7533
> 
> ----------------------------------------------------------------
> The following changes since commit 8c20a90db922776b010d6fff5351ab96ed779a99:
> 
>   UBUNTU: Ubuntu-4.4.0-9018.18 (2017-05-10 17:45:02 +0800)
> 
> are available in the git repository at:
> 
>   https://git.launchpad.net/~wenchien/+git/xenial euclid-cve
> 
> for you to fetch changes up to d2d623f8866fc310deb81cad2fc43e0dfffbe735:
> 
>   dentry name snapshots (2017-10-06 16:53:33 +0800)
> 
> ----------------------------------------------------------------
> Al Viro (1):
>       dentry name snapshots
> 
> Alexander Popov (1):
>       tty: n_hdlc: get rid of racy n_hdlc.tbuf
> 
> Alexey Kodanev (1):
>       udp: avoid ufo handling on IP payload compression packets
> 
> Andrea Arcangeli (1):
>       mm: vma_adjust: remove superfluous confusing update in
> remove_next == 1 case
> 
> Andrey Konovalov (3):
>       net/packet: fix overflow in check for priv area size
>       net/packet: fix overflow in check for tp_frame_nr
>       net/packet: fix overflow in check for tp_reserve
> 
> Andy Whitcroft (2):
>       xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
>       xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
> 
> Ben Seri (1):
>       Bluetooth: Properly check L2CAP config option output buffer length
> 
> Eric Biggers (1):
>       fscrypt: remove broken support for detecting keyring key revocation
> 
> Helge Deller (1):
>       Allow stack to grow up to address space limit
> 
> Hugh Dickins (2):
>       mm: larger stack guard gap, between vmas
>       mm: fix new crash in unmapped_area_topdown()
> 
> Jakub Sitnicki (1):
>       ipv6: Don't use ufo handling on later transformed packets
> 
> Jiri Slaby (1):
>       TTY: n_hdlc, fix lockdep false positive
> 
> Michal Hocko (1):
>       mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
> 
> Michal Kubeček (1):
>       net: account for current skb length when deciding about UFO
> 
> Oleg Nesterov (1):
>       mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
> 
> Willem de Bruijn (2):
>       packet: fix tp_reserve race in packet_set_ring
>       udp: consistently apply ufo or fragmentation
> 
> Zheng Li (1):
>       ipv6: Should use consistent conditional judgement for ip6
> fragment between __ip6_append_data and ip6_finish_output
> 
> zheng li (1):
>       ipv4: Should use consistent conditional judgement for ip
> fragment in __ip_append_data and ip_finish_output
> 
>  Documentation/kernel-parameters.txt |   7 ++
>  arch/arc/mm/mmap.c                  |   2 +-
>  arch/arm/mm/mmap.c                  |   4 +-
>  arch/frv/mm/elf-fdpic.c             |   2 +-
>  arch/mips/mm/mmap.c                 |   2 +-
>  arch/parisc/kernel/sys_parisc.c     |  15 ++--
>  arch/powerpc/mm/slice.c             |   2 +-
>  arch/s390/mm/mmap.c                 |   4 +-
>  arch/sh/mm/mmap.c                   |   4 +-
>  arch/sparc/kernel/sys_sparc_64.c    |   4 +-
>  arch/sparc/mm/hugetlbpage.c         |   2 +-
>  arch/tile/mm/hugetlbpage.c          |   2 +-
>  arch/x86/kernel/sys_x86_64.c        |   4 +-
>  arch/x86/mm/hugetlbpage.c           |   2 +-
>  arch/xtensa/kernel/syscall.c        |   2 +-
>  drivers/tty/n_hdlc.c                | 143 ++++++++++++++++----------------
>  fs/dcache.c                         |  27 ++++++
>  fs/debugfs/inode.c                  |  10 +--
>  fs/ext4/crypto_key.c                |  28 ++-----
>  fs/ext4/ext4.h                      |  14 +---
>  fs/ext4/ext4_crypto.h               |   1 -
>  fs/f2fs/crypto_key.c                |  28 ++-----
>  fs/f2fs/f2fs.h                      |  14 +---
>  fs/f2fs/f2fs_crypto.h               |   1 -
>  fs/hugetlbfs/inode.c                |   2 +-
>  fs/namei.c                          |   8 +-
>  fs/notify/fsnotify.c                |   8 +-
>  fs/proc/task_mmu.c                  |   4 -
>  include/linux/dcache.h              |   6 ++
>  include/linux/fsnotify.h            |  31 -------
>  include/linux/mm.h                  |  53 ++++++------
>  mm/gup.c                            |   5 --
>  mm/memory.c                         |  38 ---------
>  mm/mmap.c                           | 158 ++++++++++++++++++++++--------------
>  net/bluetooth/l2cap_core.c          |  80 +++++++++---------
>  net/ipv4/ip_output.c                |   9 +-
>  net/ipv4/udp.c                      |   2 +-
>  net/ipv6/ip6_output.c               |   9 +-
>  net/packet/af_packet.c              |  21 +++--
>  net/xfrm/xfrm_user.c                |   9 +-
>  40 files changed, 366 insertions(+), 401 deletions(-)

Looks good and matches the relevant commits from Xenial master.

Acked-by: Juerg Haefliger <juerg.haefliger@canonical.com>

Stefan Bader Oct. 16, 2017, 1:06 p.m. UTC | #3
On 06.10.2017 11:17, Jesse Sung wrote:
> Fixes for the red blocks in the CVE matrix for linux-euclid:
> 
> * CVE-2017-7308
> * CVE-2017-1000111
> * CVE-2017-1000112
> * CVE-2017-1000251
> * CVE-2017-1000364
> * CVE-2017-2636
> * CVE-2017-7184
> * CVE-2017-7374
> * CVE-2017-7533
> 
> ----------------------------------------------------------------
> The following changes since commit 8c20a90db922776b010d6fff5351ab96ed779a99:
> 
>   UBUNTU: Ubuntu-4.4.0-9018.18 (2017-05-10 17:45:02 +0800)
> 
> are available in the git repository at:
> 
>   https://git.launchpad.net/~wenchien/+git/xenial euclid-cve
> 
> for you to fetch changes up to d2d623f8866fc310deb81cad2fc43e0dfffbe735:
> 
>   dentry name snapshots (2017-10-06 16:53:33 +0800)
> 
> ----------------------------------------------------------------
> Al Viro (1):
>       dentry name snapshots
> 
> Alexander Popov (1):
>       tty: n_hdlc: get rid of racy n_hdlc.tbuf
> 
> Alexey Kodanev (1):
>       udp: avoid ufo handling on IP payload compression packets
> 
> Andrea Arcangeli (1):
>       mm: vma_adjust: remove superfluous confusing update in
> remove_next == 1 case
> 
> Andrey Konovalov (3):
>       net/packet: fix overflow in check for priv area size
>       net/packet: fix overflow in check for tp_frame_nr
>       net/packet: fix overflow in check for tp_reserve
> 
> Andy Whitcroft (2):
>       xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
>       xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
> 
> Ben Seri (1):
>       Bluetooth: Properly check L2CAP config option output buffer length
> 
> Eric Biggers (1):
>       fscrypt: remove broken support for detecting keyring key revocation
> 
> Helge Deller (1):
>       Allow stack to grow up to address space limit
> 
> Hugh Dickins (2):
>       mm: larger stack guard gap, between vmas
>       mm: fix new crash in unmapped_area_topdown()
> 
> Jakub Sitnicki (1):
>       ipv6: Don't use ufo handling on later transformed packets
> 
> Jiri Slaby (1):
>       TTY: n_hdlc, fix lockdep false positive
> 
> Michal Hocko (1):
>       mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
> 
> Michal Kubeček (1):
>       net: account for current skb length when deciding about UFO
> 
> Oleg Nesterov (1):
>       mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
> 
> Willem de Bruijn (2):
>       packet: fix tp_reserve race in packet_set_ring
>       udp: consistently apply ufo or fragmentation
> 
> Zheng Li (1):
>       ipv6: Should use consistent conditional judgement for ip6
> fragment between __ip6_append_data and ip6_finish_output
> 
> zheng li (1):
>       ipv4: Should use consistent conditional judgement for ip
> fragment in __ip_append_data and ip_finish_output
> 
>  Documentation/kernel-parameters.txt |   7 ++
>  arch/arc/mm/mmap.c                  |   2 +-
>  arch/arm/mm/mmap.c                  |   4 +-
>  arch/frv/mm/elf-fdpic.c             |   2 +-
>  arch/mips/mm/mmap.c                 |   2 +-
>  arch/parisc/kernel/sys_parisc.c     |  15 ++--
>  arch/powerpc/mm/slice.c             |   2 +-
>  arch/s390/mm/mmap.c                 |   4 +-
>  arch/sh/mm/mmap.c                   |   4 +-
>  arch/sparc/kernel/sys_sparc_64.c    |   4 +-
>  arch/sparc/mm/hugetlbpage.c         |   2 +-
>  arch/tile/mm/hugetlbpage.c          |   2 +-
>  arch/x86/kernel/sys_x86_64.c        |   4 +-
>  arch/x86/mm/hugetlbpage.c           |   2 +-
>  arch/xtensa/kernel/syscall.c        |   2 +-
>  drivers/tty/n_hdlc.c                | 143 ++++++++++++++++----------------
>  fs/dcache.c                         |  27 ++++++
>  fs/debugfs/inode.c                  |  10 +--
>  fs/ext4/crypto_key.c                |  28 ++-----
>  fs/ext4/ext4.h                      |  14 +---
>  fs/ext4/ext4_crypto.h               |   1 -
>  fs/f2fs/crypto_key.c                |  28 ++-----
>  fs/f2fs/f2fs.h                      |  14 +---
>  fs/f2fs/f2fs_crypto.h               |   1 -
>  fs/hugetlbfs/inode.c                |   2 +-
>  fs/namei.c                          |   8 +-
>  fs/notify/fsnotify.c                |   8 +-
>  fs/proc/task_mmu.c                  |   4 -
>  include/linux/dcache.h              |   6 ++
>  include/linux/fsnotify.h            |  31 -------
>  include/linux/mm.h                  |  53 ++++++------
>  mm/gup.c                            |   5 --
>  mm/memory.c                         |  38 ---------
>  mm/mmap.c                           | 158 ++++++++++++++++++++++--------------
>  net/bluetooth/l2cap_core.c          |  80 +++++++++---------
>  net/ipv4/ip_output.c                |   9 +-
>  net/ipv4/udp.c                      |   2 +-
>  net/ipv6/ip6_output.c               |   9 +-
>  net/packet/af_packet.c              |  21 +++--
>  net/xfrm/xfrm_user.c                |   9 +-
>  40 files changed, 366 insertions(+), 401 deletions(-)
> 

I think we have those applied. Right?

Kleber Sacilotto de Souza Oct. 16, 2017, 2:41 p.m. UTC | #4
Applied to linux-euclid/master branch. Thanks.

Kleber