[PATCH 0/3][CVE-2016-3134][Precise] netfilter: offset fields validation
Luis Henriques
luis.henriques at canonical.com
Tue Jul 5 13:57:43 UTC 2016
Following this email, I'm sending the CVE-2016-3134 fixes backports done by Ben
to the upstream 3.2 stable kernel.
Florian Westphal (3):
netfilter: x_tables: validate e->target_offset early
netfilter: x_tables: make sure e->next_offset covers remaining blob
size
netfilter: x_tables: fix unconditional helper
net/ipv4/netfilter/arp_tables.c | 41 ++++++++++++++++++------------------
net/ipv4/netfilter/ip_tables.c | 46 ++++++++++++++++++++---------------------
net/ipv6/netfilter/ip6_tables.c | 46 ++++++++++++++++++++---------------------
3 files changed, 67 insertions(+), 66 deletions(-)
More information about the kernel-team
mailing list