[SRU][Zesty][Xenial][PATCH 0/2] Fix for CVE-2017-16939
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Fri Dec 1 16:07:14 UTC 2017
Patch 2/2 (ipsec: Fix aborted xfrm policy dump) is the real fix and is a
clean cherry-pick for Zesty and Xenial. Patch 1/2 (netlink: add a start
callback for starting a netlink dump) is a pre-requisite and needs to be
applied only for Xenial and is also a clean cherry-pick.
Both tested with the POC available on
https://bugzilla.suse.com/show_bug.cgi?id=1069702.
Herbert Xu (1):
ipsec: Fix aborted xfrm policy dump crash
Tom Herbert (1):
netlink: add a start callback for starting a netlink dump
include/linux/netlink.h | 2 ++
include/net/genetlink.h | 2 ++
net/netlink/af_netlink.c | 4 ++++
net/netlink/genetlink.c | 16 ++++++++++++++++
net/xfrm/xfrm_user.c | 25 +++++++++++++++----------
5 files changed, 39 insertions(+), 10 deletions(-)
--
2.14.1
More information about the kernel-team
mailing list