[PATCH 0/3][CVE-2016-3134][Precise] netfilter: offset fields validation

Luis Henriques luis.henriques at canonical.com
Tue Jul 5 13:57:43 UTC 2016


Following this email, I'm sending the CVE-2016-3134 fixes backports done by Ben
to  the upstream 3.2 stable kernel.

Florian Westphal (3):
  netfilter: x_tables: validate e->target_offset early
  netfilter: x_tables: make sure e->next_offset covers remaining blob
    size
  netfilter: x_tables: fix unconditional helper

 net/ipv4/netfilter/arp_tables.c | 41 ++++++++++++++++++------------------
 net/ipv4/netfilter/ip_tables.c  | 46 ++++++++++++++++++++---------------------
 net/ipv6/netfilter/ip6_tables.c | 46 ++++++++++++++++++++---------------------
 3 files changed, 67 insertions(+), 66 deletions(-)





More information about the kernel-team mailing list