[SRU][trusty][PATCH 0/2] Fix for CVE-2017-16939
Kleber Sacilotto de Souza
kleber.souza at canonical.com
Fri Dec 1 16:06:24 UTC 2017
Patch 2/2 (ipsec: Fix aborted xfrm policy dump crash) is the real fix and
it needed a simple backport to fix the context because it lacks
283bc9f35bbbc (xfrm: Namespacify xfrm state/policy locks). Patch 1/1 is a
prerequisite and is a clean cherry-pick.
Tested with the POC available on
https://bugzilla.suse.com/show_bug.cgi?id=1069702.
Herbert Xu (1):
ipsec: Fix aborted xfrm policy dump crash
Tom Herbert (1):
netlink: add a start callback for starting a netlink dump
include/linux/netlink.h | 2 ++
include/net/genetlink.h | 2 ++
net/netlink/af_netlink.c | 4 ++++
net/netlink/genetlink.c | 16 ++++++++++++++++
net/xfrm/xfrm_user.c | 25 +++++++++++++++----------
5 files changed, 39 insertions(+), 10 deletions(-)
--
2.14.1
More information about the kernel-team
mailing list