[SRU][Trusty][Artful][PATCH 0/1] Fix for CVE-2017-17806

Kleber Sacilotto de Souza kleber.souza at canonical.com
Thu Feb 1 16:06:09 UTC 2018


https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17806.html

Clean cherry-pick for Trusty and Artful; the fix for Xenial is queued as part of
the stable update to 4.4.107.

I was able to reproduce the bug with the reproducer from the commit message,
but only with the Artful kernel. The bug seems to be a real issue only after
SHA-3 support was added (requires CONFIG_CRYPTO_SHA3), which was done in
v4.8-rc1, so in theory only Artful and later series are affected. But anyway,
I believe it's valid to fix this bug on Trusty (and Xenial).

Eric Biggers (1):
  crypto: hmac - require that the underlying hash algorithm is unkeyed

 crypto/hmac.c                  | 6 +++++-
 crypto/shash.c                 | 5 +++--
 include/crypto/internal/hash.h | 8 ++++++++
 3 files changed, 16 insertions(+), 3 deletions(-)

-- 
2.14.1




