[CVE-2011-3347] [Oneiric] [PATCH 0/3] be2net packet handling allows possible DOS

Stefan Bader stefan.bader at canonical.com
Wed Feb 15 16:36:52 UTC 2012


On 15.02.2012 16:33, Brad Figg wrote:
> On 02/15/2012 01:22 AM, Stefan Bader wrote:
>> On 15.02.2012 10:12, Andy Whitcroft wrote:
>>> On Tue, Feb 14, 2012 at 01:20:05PM -0800, Brad Figg wrote:
>>>> CVE-2011-3347
>>>>     Non-member VLAN (virtual LAN) packet handling for interfaces in
>>>>     promiscuous mode and also using the be2net driver could allow an attacker
>>>>     on the local network to cause a denial of service.
>>>>
>>>> Following this cover-letter are three patches which address this issue. Two
>>>> of the three are straight cherry-picks from Linus' tree. The third is a very
>>>> minor backport due to the driver having been moved within the kernel tree.
>>>>
>>>> Proposing for Oneiric master.
>>>>
>>>> Ajit Khaparde (1):
>>>>    be2net: move to new vlan model
>>>>
>>>> Jiri Pirko (1):
>>>>    benet: remove bogus "unlikely" on vlan check
>>>>
>>>> Sathya Perla (1):
>>>>    be2net: non-member vlan pkts not received in promiscous mode
>>>>
>>>>   drivers/net/benet/be.h      |    1 -
>>>>   drivers/net/benet/be_cmds.c |    6 ++++--
>>>>   drivers/net/benet/be_main.c |   41 ++++++++++++++++-------------------------
>>>>   3 files changed, 20 insertions(+), 28 deletions(-)
>>>
>>> I see there are 4 commits listed in the tracker for this, I assume the
>>> first is not actually necessary?  Is that correct?
>>>
>>> -apw
>>>
>> And one other thing I like about the way Andy does it and confuses me here is:
>> why only onerirc? Cause in the tracker there is natty marked as affected too.
>>
>> -Stefan
> 
> Because the natty is a larger backport effort where oneiric is mostly a simple
> cherry pick. Is your preference to not patch any of the stable kernels until
> we have patches ready for all of them?
> 

Ah ok. No actually I found having that info: "this needs to go to natty to but
is hard", would be what I like to know. Well basically a quick status which
would also include Andy's question about the missing fourth patch.

-Stefan



More information about the kernel-team mailing list