NACK: [Bionic][PATCH 0/2] Fix for CVE-2019-0136

Tyler Hicks tyhicks at canonical.com
Mon Aug 12 23:20:36 UTC 2019 

On 2019-08-06 10:48:47, Tyler Hicks wrote:
> On 2019-08-06 18:06:31, Wen-chien Jesse Sung wrote:
> > BugLink: https://launchpad.net/bugs/1839105
> > 
> > == SRU Justification ==
> > 
> > * Impact:
> > A potential security vulnerability in IntelĀ® PROSet/Wireless WiFi Software
> > may allow denial of service.
> > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html
> > 
> > * Fix:
> > 588f7d39b359 mac80211: drop robust management frames from unknown TA
> > 79c92ca42b5a mac80211: handle deauthentication/disassociation from TDLS peer
> 
> How were you able to determine that they are the fix for CVE-2019-0136?
> I can't find any public info that correlates CVE-2019-0136 with the two
> fixes you mentioned. I've left this CVE as untriaged in the Ubuntu CVE
> Tracker and was about to reach out to Intel to get more info.

To update this list, I did reach out to Intel last week but have not
heard back from them yet.

In the meantime, the Bionic branch has received these two commits via
pulling in new upstream linux-stable releases. The Bionic commits are:

 3c8fe31b7686309a4b09eed5ba78d88ba85f89bf
 01d899052fcc05f90e45bd5fce2383abd69d017d

There's no longer a need to apply these patches to Bionic so I'm
NACK'ing them in order for the stable team to know that there's nothing
else needed here.

Tyler

> 
> Tyler
> 
> > 
> > * Risk of Regression:
> > Low. These commits are already in 4.14.130 and 4.19.56 so will eventually
> > land in an SRU release or two. We just need them to be included in this cycle
> > for Bionic to meet project schedule.
> > 
> > 
> > Johannes Berg (1):
> >   mac80211: drop robust management frames from unknown TA
> > 
> > Yu Wang (1):
> >   mac80211: handle deauthentication/disassociation from TDLS peer
> > 
> >  net/mac80211/ieee80211_i.h |  3 +++
> >  net/mac80211/mlme.c        | 12 +++++++++++-
> >  net/mac80211/rx.c          |  2 ++
> >  net/mac80211/tdls.c        | 23 +++++++++++++++++++++++
> >  4 files changed, 39 insertions(+), 1 deletion(-)
> > 
> > -- 
> > 2.20.1
> > 
> > 
> > -- 
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list