[CVE-2016-5243] fix an infoleak in tipc
Luis Henriques
luis.henriques at canonical.com
Thu Jul 14 14:01:28 UTC 2016
Following this email I'm sending the CVE-2016-5243 fix backports for all
series < Xenial. The following changes were required in the backports:
- modify function tipc_node_get_links (net/tipc/node.c) instead of
tipc_nl_compat_link_dump (net/tipc/netlink_compat.c). This function was
moved with commit 357ebdbfca0b ("tipc: convert legacy nl link dump to nl
compat")
- use strncpy() instead of nla_strlcpy() as the later isn't applicable
before commit 357ebdbfca0b
I'll also send the (clean cherry-pick) fix for xenial, but the upstream
patch has an issue that is not present in these backports, so it 2 patches
are required for this kernel.
More information about the kernel-team
mailing list