blob: 381ac247153e202fba47eb1ce4ca536caf323569 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Description: netfilter IPT_SO_SET_REPLACE memory corruption
References:
https://code.google.com/p/google-security-research/issues/detail?id=758
https://patchwork.ozlabs.org/patch/595575/
https://patchwork.ozlabs.org/patch/599721/
http://marc.info/?l=netfilter-devel&m=145757134822741&w=2
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=bdf533de6968e9686df777dc178486f600c6e617
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
Notes:
carnil> Can be triggered by an unprivileged user on PF_INET sockets when
carnil> unprivileged user namespaces are available (CONFIG_USER_NS=y)
bwh> The upstream fixes (in davem/net.git) are the last two listed above
Bugs:
upstream: released (4.6-rc2) [bdf533de6968e9686df777dc178486f600c6e617, 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91]
3.16-upstream-stable: released (3.16.35) [netfilter-x_tables-validate-e-target_offset-early.patch, netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch]
3.2-upstream-stable: released (3.2.80) [netfilter-x_tables-validate-e-target_offset-early.patch, netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch]
sid: released (4.5.1-1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-re.patch]
3.16-jessie-security: released (3.16.7-ckt25-2+deb8u1) [bugfix/all/netfilter-x_tables-validate-e-target_offset-early.patch, bugfix/all/netfilter-x_tables-make-sure-e-next_offset-covers-remaining-blob.patch]
3.2-wheezy-security: released (3.2.81-1)
|
