diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-25 20:49:54 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-03-25 20:49:54 +0100 |
| commit | 799d3c586b6df4d41fccd5fc2ff796a087c26329 (patch) | |
| tree | 58859fea1691e870e5406a47cbb0c08c1e4582e6 /retired/CVE-2021-20322 | |
| parent | e3e90ffdadf6bb9b0e7ff277a38879d594f49edd (diff) | |
Retire several CVEs
Diffstat (limited to 'retired/CVE-2021-20322')
| -rw-r--r-- | retired/CVE-2021-20322 | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/retired/CVE-2021-20322 b/retired/CVE-2021-20322 new file mode 100644 index 00000000..d5917886 --- /dev/null +++ b/retired/CVE-2021-20322 @@ -0,0 +1,27 @@ +Description: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies +References: + https://bugzilla.redhat.com/show_bug.cgi?id=2014230 + https://lore.kernel.org/stable/YXwNmcIcmOYTRhG2@kroah.com/T/#m0104263473be2806725abb19a30d6288da622898 +Notes: + carnil> Backports for 4.19.y and 4.9.y seems incomplete for the time + carnil> beeing and only have the "ipv4: make exception cache less + carnil> predictible" patch. + bwh> Introduced for ipv4 in 3.6 by commit 4895c771c7f0 "ipv4: Add FIB nexthop + bwh> exceptions." + bwh> Introduced For ipv6 in 4.15 by commits 35732d01fe31 "ipv6: introduce a + bwh> hash table to store dst cache" and 2b760fcf5cfb "ipv6: hook up exception + bwh> table to store dst cache". + bwh> So for the 4.9 branches only ipv4 needs to be fixed. + carnil> For 4.19.y additionally required + carnil> ipv4: use siphash instead of Jenkins in fnhe_hashfun() + carnil> ipv6: use siphash in rt6_exception_hash() + carnil> ipv6: make exception cache less predictible +Bugs: +upstream: released (5.14) [4785305c05b25a242e5314cc821f54ade4c18810, 6457378fe796815c973f631a1904e147d6ee33b1], released (5.15-rc1) [a00df2caffed3883c341d5685f830434312e4a43, 67d6d681e15b578c1725bad8ad079e05d1c48a8e] +5.10-upstream-stable: released (5.10.62) ]dced8347a727528b388f04820f48166f1e651af6, beefd5f0c63a31a83bc5a99e6888af884745684b], released (5.10.65) [8692f0bb29927d13a871b198adff1d336a8d2d00, 5867e20e1808acd0c832ddea2587e5ee49813874] +4.19-upstream-stable: released (4.19.207) [3e6bd2b583f18da9856fc9741ffa200a74a52cba], released (4.19.215) [6e2856767eb1a9cfcfcd82136928037f04920e97, ad829847ad59af8e26a1f1c345716099abbc7a58, c6d0d68d6da68159948cad3d808d61bb291a0283] +4.9-upstream-stable: released (4.9.283) [f10ce783bcc4d8ea454563a7d56ae781640e7dcb] +sid: released (5.14.6-1) +5.10-bullseye-security: released (5.10.70-1) +4.19-buster-security: released (4.19.232-1) +4.9-stretch-security: released (4.9.290-1) |