ACK: [SRU][trusty][PATCH 0/2] Fix for CVE-2017-16939
Stefan Bader
stefan.bader at canonical.com
Mon Dec 4 10:10:08 UTC 2017
On 01.12.2017 17:06, Kleber Sacilotto de Souza wrote:
> Patch 2/2 (ipsec: Fix aborted xfrm policy dump crash) is the real fix and
> it needed a simple backport to fix the context because it lacks
> 283bc9f35bbbc (xfrm: Namespacify xfrm state/policy locks). Patch 1/1 is a
> prerequisite and is a clean cherry-pick.
>
> Tested with the POC available on
> https://bugzilla.suse.com/show_bug.cgi?id=1069702.
>
> Herbert Xu (1):
> ipsec: Fix aborted xfrm policy dump crash
>
> Tom Herbert (1):
> netlink: add a start callback for starting a netlink dump
>
> include/linux/netlink.h | 2 ++
> include/net/genetlink.h | 2 ++
> net/netlink/af_netlink.c | 4 ++++
> net/netlink/genetlink.c | 16 ++++++++++++++++
> net/xfrm/xfrm_user.c | 25 +++++++++++++++----------
> 5 files changed, 39 insertions(+), 10 deletions(-)
>
Backport looks ok to me and tested.
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20171204/31d0d024/attachment.sig>
More information about the kernel-team
mailing list