author Ben Hutchings <ben@decadent.org.uk> 2019-03-21 14:16:55 +0000
committer Ben Hutchings <ben@decadent.org.uk> 2019-03-21 14:18:55 +0000
commit 1c875855f8e4cc2e5ecf77317939850a48ab6ccd (patch)
tree 8efcae892008cb5fb60edc51cde5d8e011031471 /retired/CVE-2018-5391
parent c69e338aabce5df6ff81ca536e1cdffae93cc599 (diff)
Give up on CVE-2018-5391 for 3.16-upstream-stable, and retire it
I already backported the upstream fix to 4.4, but there are several more big changes to inet_fragment between 3.16 and 4.4 that it depends on.
Diffstat (limited to 'retired/CVE-2018-5391')
-rw-r--r-- retired/CVE-2018-5391 38
1 files changed, 38 insertions, 0 deletions
diff --git a/retired/CVE-2018-5391 b/retired/CVE-2018-5391
new file mode 100644
index 00000000..4165f65b
--- /dev/null
+++ b/retired/CVE-2018-5391
@@ -0,0 +1,38 @@
+Description: FragmentSmack (IP fragments)
+References:
+ https://www.kb.cert.org/vuls/id/641765
+Notes:
+ carnil> Should affect 3.9 and later and mitigation/good enough fix is
+ carnil> to revert c2a936600f78aea00d3312ea4b66a79a4619f9b4. Or change
+ carnil> the default values of net.ipv4.ipfrag_high_thresh and
+ carnil> net.ipv4.ipfrag_low_thresh back to 256kB and 192 kB (respectively)
+ carnil> or below.
+ carnil> "Proper" patches in the works.
+ carnil> SuSE identifies upstream commits which seem to properly address
+ carnil> the issue, but needs more checking:
+ carnil> https://bugzilla.novell.com/show_bug.cgi?id=1103097
+ carnil> Candidates for backports:
+ carnil> https://bugzilla.novell.com/show_bug.cgi?id=1103097#c15
+ carnil> 56e2c94f05 inet: frag: enforce memory limits earlier
+ carnil> 4672694bd4 ipv4: frags: handle possible skb truesize change
+ carnil> and
+ carnil> 0ed4229b08c1 ipv6: defrag: drop non-last frags smaller than min mtu
+ carnil> 7969e5c40dfd ip: discard IPv4 datagrams with overlapping segments.
+ carnil> 385114dec8a4 net: modify skb_rbtree_purge to return the truesize of all
+ carnil> purged skbs.
+ carnil> fa0f527358bd ip: use rb trees for IP frag queue.
+ canril> It needs to be checked that the upstream fixes will for 4.9-upstream-
+ canril> stable and 3.16-upstream-stable do not cause CVE-2018-14641. In
+ canril> the proposed patch series from Florian Fainelli <f.fainelli@gmail.com>,
+ carnil> ("[PATCH stable 4.9 v2 00/29] backport of IP fragmentation fixes") contain
+ carnil> the needed fix.
+ carnil> The commits backported to 4.9.134 are complete and are not introducing
+ carnil> thus CVE-2018-14641.
+Bugs:
+upstream: released (4.19-rc1) [7969e5c40dfd04799d4341f1b7cd266b6e47f227, 385114dec8a49b5e5945e77ba7de6356106713f4, fa0f527358bd900ef92f925878ed6bfbd51305cc]
+4.19-upstream-stable: N/A "Fixed before branch point"
+4.9-upstream-stable: released (4.9.134) [7fca77153c5c2a2c59e70720332bce7088aef8e8, 2ffb1c363dfa89858dded0b291f005faf1b72adc, bbf6d8604475f36279c7b2d9a1f425654bc24588, dae73e7d73fce8d8d5132ec3c94de16280653fc6, 1b363f81f38f28bd69ec90837da0f65161f36325, 620018dd713da51daac7ec4cd0ae54b0f0fa0f75, fb19348bd709e3f948825ed995bdc477a0414772, 23ce9c5ce704b985dad79bce944a348f0c205869, ea7496f018adcfbac5396ead5756dcabb9866749, 49106f36c253a3c4ce7cf297415826af0c4339ea, 965e2adc5850836586e0961c350b94c2092da319, 7f6170683223cb38cabaff21ecbb9a6375ad10f6, 7a87ec92d36a660820d426d8c54794c44077277f, cbc45497b39c4626adaeca2a409588f19ae19e34, 6060bcdcffaba68c3ff158a88faab6df27210ffc, 5b68fda0a455be7f48fdf97407de1aa09d046fdd, 316986fe4dcac011b4f85d9bbef1edf4953c0219, d838486621c38f084b867743a0abd0968c6cb196, 82f36cbc74595f06900f478d4eaf7217a4f06e13, f5d17b55f4be318adf3b642b50bd25e5245ecc17, 871695951ec6f6b0b1a258c9bb5336bfeffab409, a8444b1ccb20339774af58e40ad42296074fb484, 791521e2e377f66ef5ee6e5002dec758234d8d32, b475cf3bf1e8212b0287c6d15249e2c942693ae5, 10043954eadac2d8f8c1886190f7a7ee584ff939, e9e4ac488c017739b2832177550ba2569fffc709, 4077ddb2cb48ca4592d738ea37cd58c5d41754bd, 85e59af99a7f7c9bcd089f2404b405df7ee665ba, 5a0f340f5ad6a6cc6518f212802f95b669e8fe27]
+3.16-upstream-stable: ignored "Too risky to apply upstream fix, and it can be mitigated with sysctl changes"
+sid: released (4.17.15-1) [bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch]
+4.9-stretch-security: released (4.9.110-3+deb9u2) [bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch]
+3.16-jessie-security: released (3.16.59-1) [bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch]
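Review bot: the `3.16-upstream-stable: ignored` line justifies itself with "it can be mitigated with sysctl changes" but does not say which ones, so a reader of the retired file has to find them in the Notes. Consider pointing the reason at the values already given there (`net.ipv4.ipfrag_high_thresh` and `net.ipv4.ipfrag_low_thresh` back to 256kB and 192 kB or below). The file also never records why the upstream fix is too risky for 3.16, so a short Notes entry giving that reason would keep it with the file. Separately, three Notes lines are attributed to `canril>` instead of `carnil>`, and the sentence they carry ("the upstream fixes will for 4.9-upstream-stable and 3.16-upstream-stable do not cause CVE-2018-14641") is missing a word or has an extra one; since this file is being added fresh under retired/, this is a good point to fix both.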
