[PATCH 00/19][wily, xenial, yakkety] Misc netfilter fixes (including CVE-2016-3134)
Luis Henriques
luis.henriques at canonical.com
Thu Jun 23 18:32:13 UTC 2016
BugLink: https://bugs.launchpad.net/bugs/1595350
BugLink: https://bugs.launchpad.net/bugs/1555338
Following this email I am sending several netfilter fixes, including the fix for
CVE-2016-3134. Most of these patches are clean cherry-picks; only one of the
patches required minor context adjustment.
Florian Westphal (19):
netfilter: x_tables: validate e->target_offset early
netfilter: x_tables: make sure e->next_offset covers remaining blob size
netfilter: x_tables: fix unconditional helper
netfilter: x_tables: don't move to non-existent next rule
netfilter: x_tables: validate targets of jumps
netfilter: x_tables: add and use xt_check_entry_offsets
netfilter: x_tables: kill check_entry helper
netfilter: x_tables: assert minimum target size
netfilter: x_tables: add compat version of xt_check_entry_offsets
netfilter: x_tables: check standard target size too
netfilter: x_tables: check for bogus target offset
netfilter: x_tables: validate all offsets and sizes in a rule
netfilter: x_tables: don't reject valid target size on some architectures
netfilter: arp_tables: simplify translate_compat_table args
netfilter: ip_tables: simplify translate_compat_table args
netfilter: ip6_tables: simplify translate_compat_table args
netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
netfilter: x_tables: do compat validation via translate_table
netfilter: x_tables: introduce and use xt_copy_counters_from_user
include/linux/netfilter/x_tables.h | 12 +-
net/ipv4/netfilter/arp_tables.c | 322 +++++++++++----------------------
net/ipv4/netfilter/ip_tables.c | 354 +++++++++++--------------------------
net/ipv6/netfilter/ip6_tables.c | 348 ++++++++++--------------------------
net/netfilter/x_tables.c | 245 ++++++++++++++++++++++++-
5 files changed, 562 insertions(+), 719 deletions(-)
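The patches listed above all tighten one thing: the offsets inside a user-supplied rule blob (target_offset, next_offset, the target's own size, and jump destinations) must be validated before the kernel follows them. As an added illustration, not the kernel's code and not part of this series, here is a simplified C model of those checks over a hypothetical entry layout. The structs, the 16-byte standard target, the "non-negative verdict is a jump offset" convention and the sample tables are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical wire layout for the example (not the kernel's structs). */
struct entry_hdr {
    uint16_t target_offset; /* where the target starts, relative to the entry */
    uint16_t next_offset;   /* entry length; the next entry starts here */
};                          /* 4 bytes */

struct target_hdr {
    uint16_t target_size;   /* length of the target, this header included */
    uint16_t reserved;
    char     name[8];       /* "" = standard target, followed by an int32 verdict */
};                          /* 12 bytes */

#define STD_TARGET_SIZE (sizeof(struct target_hdr) + sizeof(int32_t))   /* 16 */
#define MIN_ENTRY_SIZE  (sizeof(struct entry_hdr) + sizeof(struct target_hdr))
#define MAX_ENTRIES 64

enum { CHECK_OK = 0, CHECK_BAD_OFFSET = -1, CHECK_BAD_JUMP = -2 };

/* Validate the offsets of the entry at 'off'. Headers are copied out with
 * memcpy only after each bounds check, so untrusted bytes are never read
 * through an unchecked offset. */
static int check_entry_offsets(const unsigned char *blob, size_t size, size_t off,
                               struct entry_hdr *e, struct target_hdr *t)
{
    if (off > size || size - off < sizeof(*e))
        return CHECK_BAD_OFFSET;
    memcpy(e, blob + off, sizeof(*e));

    /* next_offset must hold both headers and must not run past the blob. */
    if (e->next_offset < MIN_ENTRY_SIZE || e->next_offset > size - off)
        return CHECK_BAD_OFFSET;

    /* The target must sit inside this entry, after the entry header, with
     * room for its own header: checked before the target is ever touched. */
    if (e->target_offset < sizeof(*e) ||
        (size_t)e->target_offset + sizeof(*t) > e->next_offset)
        return CHECK_BAD_OFFSET;
    memcpy(t, blob + off + e->target_offset, sizeof(*t));

    /* The target's declared size must be sane and stay within the entry;
     * a standard target additionally needs room for its verdict word. */
    if (t->target_size < sizeof(*t) ||
        (size_t)e->target_offset + t->target_size > e->next_offset)
        return CHECK_BAD_OFFSET;
    if (t->name[0] == '\0' && t->target_size < STD_TARGET_SIZE)
        return CHECK_BAD_OFFSET;
    return CHECK_OK;
}

/* Pass one validates every entry and records where entries begin; pass two
 * checks that every jump lands exactly on a recorded entry start, so a rule
 * can never jump into the middle of another rule or past the table. */
int check_table(const unsigned char *blob, size_t size)
{
    size_t starts[MAX_ENTRIES];
    size_t n = 0, off = 0;
    struct entry_hdr e;
    struct target_hdr t;

    while (off < size) {
        int rc = check_entry_offsets(blob, size, off, &e, &t);
        if (rc != CHECK_OK)
            return rc;
        if (n == MAX_ENTRIES)
            return CHECK_BAD_OFFSET;
        starts[n++] = off;
        off += e.next_offset;           /* bounded by the check above */
    }

    for (size_t i = 0; i < n; i++) {
        int32_t verdict;
        memcpy(&e, blob + starts[i], sizeof(e));
        memcpy(&t, blob + starts[i] + e.target_offset, sizeof(t));
        if (t.name[0] != '\0')
            continue;                   /* extension target: no jump */
        memcpy(&verdict, blob + starts[i] + e.target_offset + sizeof(t), sizeof(verdict));
        if (verdict < 0)
            continue;                   /* ACCEPT/DROP-style verdict */
        int found = 0;
        for (size_t j = 0; j < n; j++)
            if (starts[j] == (size_t)verdict) { found = 1; break; }
        if (!found)
            return CHECK_BAD_JUMP;
    }
    return CHECK_OK;
}

/* Constructed sample builder: append one entry with a standard target. */
size_t put_entry(unsigned char *buf, size_t len, uint16_t target_offset,
                 uint16_t next_offset, uint16_t target_size, int32_t verdict)
{
    struct entry_hdr e = { target_offset, next_offset };
    struct target_hdr t = { target_size, 0, "" };
    memset(buf + len, 0, next_offset);
    memcpy(buf + len, &e, sizeof(e));
    memcpy(buf + len + target_offset, &t, sizeof(t));
    memcpy(buf + len + target_offset + sizeof(t), &verdict, sizeof(verdict));
    return len + next_offset;
}

/* Two well-formed 20-byte rules: rule 0 jumps to rule 1, rule 1 drops. */
int demo_valid(void)
{
    unsigned char buf[64];
    size_t len = put_entry(buf, 0, 4, 20, 16, 20);
    len = put_entry(buf, len, 4, 20, 16, -1);
    return check_table(buf, len);
}

/* Rule 0 jumps to offset 8, inside its own body: rejected as a bad jump. */
int demo_bad_jump(void)
{
    unsigned char buf[64];
    size_t len = put_entry(buf, 0, 4, 20, 16, 8);
    len = put_entry(buf, len, 4, 20, 16, -1);
    return check_table(buf, len);
}

/* target_offset patched to 40, beyond the 20-byte entry: caught before read. */
int demo_bad_target_offset(void)
{
    unsigned char buf[64];
    size_t len = put_entry(buf, 0, 4, 20, 16, -1);
    uint16_t bogus = 40;
    memcpy(buf, &bogus, sizeof(bogus));      /* first field of entry_hdr */
    return check_table(buf, len);
}

/* next_offset patched to 60 in a 20-byte blob: the walk must not follow it. */
int demo_bad_next_offset(void)
{
    unsigned char buf[64];
    size_t len = put_entry(buf, 0, 4, 20, 16, -1);
    uint16_t bogus = 60;
    memcpy(buf + 2, &bogus, sizeof(bogus));  /* second field of entry_hdr */
    return check_table(buf, len);
}
```

The order of checks matters: next_offset is bounded against the remaining blob before target_offset is bounded against next_offset, and the target header is only read once both hold. The second pass is separate because a jump target can only be validated once every entry boundary is known.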