APPLIED/cmt: [PATCH 0/5] [SRU][B/master] squashfs hardening
Khaled Elmously
khalid.elmously at canonical.com
Mon Mar 4 02:28:31 UTC 2019
Applied patches 2-5. Patch #1 was dropped since it was already applied as part of the bionic upstream patchset in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1815234
On 2019-02-19 15:23:24 , Paolo Pisati wrote:
> "There are a number of squashfs hardening fixes. They don't have CVE number
> assigned but it would be good to backport the fixes to harden our kernel against
> malicious squashfs images. Snaps are simply squashfs images so an attacker could
> craft a malicious snap and attack the kernel of end users that install their
> crafted snaps."
>
> All clean cherry-picks from upstream.
>
> Linus Torvalds (4):
> squashfs: be more careful about metadata corruption
> squashfs: more metadata hardening
> squashfs metadata 2: electric boogaloo
> squashfs: more metadata hardening
>
> Phillip Lougher (1):
> Squashfs: Compute expected length from inode size rather than block
> length
>
> fs/squashfs/block.c | 2 ++
> fs/squashfs/cache.c | 3 +++
> fs/squashfs/file.c | 58 ++++++++++++++++++++++++++------------------
> fs/squashfs/file_cache.c | 4 +--
> fs/squashfs/file_direct.c | 24 +++++++++---------
> fs/squashfs/fragment.c | 17 +++++++------
> fs/squashfs/squashfs.h | 3 ++-
> fs/squashfs/squashfs_fs.h | 6 +++++
> fs/squashfs/squashfs_fs_sb.h | 1 +
> fs/squashfs/super.c | 5 ++--
> 10 files changed, 75 insertions(+), 48 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list