[PULL][linux-euclid] CVE fixes

Jesse Sung jesse.sung at canonical.com
Fri Oct 6 09:17:49 UTC 2017


Fixes for the red blocks in the CVE matrix for linux-euclid:

* CVE-2017-7308
* CVE-2017-1000111
* CVE-2017-1000112
* CVE-2017-1000251
* CVE-2017-1000364
* CVE-2017-2636
* CVE-2017-7184
* CVE-2017-7374
* CVE-2017-7533

----------------------------------------------------------------
The following changes since commit 8c20a90db922776b010d6fff5351ab96ed779a99:

  UBUNTU: Ubuntu-4.4.0-9018.18 (2017-05-10 17:45:02 +0800)

are available in the git repository at:

  https://git.launchpad.net/~wenchien/+git/xenial euclid-cve

for you to fetch changes up to d2d623f8866fc310deb81cad2fc43e0dfffbe735:

  dentry name snapshots (2017-10-06 16:53:33 +0800)

----------------------------------------------------------------
Al Viro (1):
      dentry name snapshots

Alexander Popov (1):
      tty: n_hdlc: get rid of racy n_hdlc.tbuf

Alexey Kodanev (1):
      udp: avoid ufo handling on IP payload compression packets

Andrea Arcangeli (1):
      mm: vma_adjust: remove superfluous confusing update in
remove_next == 1 case

Andrey Konovalov (3):
      net/packet: fix overflow in check for priv area size
      net/packet: fix overflow in check for tp_frame_nr
      net/packet: fix overflow in check for tp_reserve

Andy Whitcroft (2):
      xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
      xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder

Ben Seri (1):
      Bluetooth: Properly check L2CAP config option output buffer length

Eric Biggers (1):
      fscrypt: remove broken support for detecting keyring key revocation

Helge Deller (1):
      Allow stack to grow up to address space limit

Hugh Dickins (2):
      mm: larger stack guard gap, between vmas
      mm: fix new crash in unmapped_area_topdown()

Jakub Sitnicki (1):
      ipv6: Don't use ufo handling on later transformed packets

Jiri Slaby (1):
      TTY: n_hdlc, fix lockdep false positive

Michal Hocko (1):
      mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack

Michal Kubeček (1):
      net: account for current skb length when deciding about UFO

Oleg Nesterov (1):
      mm/mmap.c: expand_downwards: don't require the gap if !vm_prev

Willem de Bruijn (2):
      packet: fix tp_reserve race in packet_set_ring
      udp: consistently apply ufo or fragmentation

Zheng Li (1):
      ipv6: Should use consistent conditional judgement for ip6
fragment between __ip6_append_data and ip6_finish_output

zheng li (1):
      ipv4: Should use consistent conditional judgement for ip
fragment in __ip_append_data and ip_finish_output

 Documentation/kernel-parameters.txt |   7 ++
 arch/arc/mm/mmap.c                  |   2 +-
 arch/arm/mm/mmap.c                  |   4 +-
 arch/frv/mm/elf-fdpic.c             |   2 +-
 arch/mips/mm/mmap.c                 |   2 +-
 arch/parisc/kernel/sys_parisc.c     |  15 ++--
 arch/powerpc/mm/slice.c             |   2 +-
 arch/s390/mm/mmap.c                 |   4 +-
 arch/sh/mm/mmap.c                   |   4 +-
 arch/sparc/kernel/sys_sparc_64.c    |   4 +-
 arch/sparc/mm/hugetlbpage.c         |   2 +-
 arch/tile/mm/hugetlbpage.c          |   2 +-
 arch/x86/kernel/sys_x86_64.c        |   4 +-
 arch/x86/mm/hugetlbpage.c           |   2 +-
 arch/xtensa/kernel/syscall.c        |   2 +-
 drivers/tty/n_hdlc.c                | 143 ++++++++++++++++----------------
 fs/dcache.c                         |  27 ++++++
 fs/debugfs/inode.c                  |  10 +--
 fs/ext4/crypto_key.c                |  28 ++-----
 fs/ext4/ext4.h                      |  14 +---
 fs/ext4/ext4_crypto.h               |   1 -
 fs/f2fs/crypto_key.c                |  28 ++-----
 fs/f2fs/f2fs.h                      |  14 +---
 fs/f2fs/f2fs_crypto.h               |   1 -
 fs/hugetlbfs/inode.c                |   2 +-
 fs/namei.c                          |   8 +-
 fs/notify/fsnotify.c                |   8 +-
 fs/proc/task_mmu.c                  |   4 -
 include/linux/dcache.h              |   6 ++
 include/linux/fsnotify.h            |  31 -------
 include/linux/mm.h                  |  53 ++++++------
 mm/gup.c                            |   5 --
 mm/memory.c                         |  38 ---------
 mm/mmap.c                           | 158 ++++++++++++++++++++++--------------
 net/bluetooth/l2cap_core.c          |  80 +++++++++---------
 net/ipv4/ip_output.c                |   9 +-
 net/ipv4/udp.c                      |   2 +-
 net/ipv6/ip6_output.c               |   9 +-
 net/packet/af_packet.c              |  21 +++--
 net/xfrm/xfrm_user.c                |   9 +-
 40 files changed, 366 insertions(+), 401 deletions(-)




More information about the kernel-team mailing list