blob: 58a37d3c2d01243682ff061f3046e8b48ce1a4c3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Description: scsi: nlmsg not properly parsed in iscsi_if_rx function
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1490421
https://patchwork.kernel.org/patch/9923803/
Notes:
bwh> Appears to have been introduced in 2.6.15 by commit 0896b7523026
bwh> "[SCSI] open-iscsi/linux-iscsi-5 Initiator: Transport class update for
bwh> iSCSI".
carnil> 7f564528a480084e2318cd48caba7aef4a54a77f is presumably the upstream
carnil> fix already fixing the issue, cf.
carnil> http://www.openwall.com/lists/oss-security/2017/09/25/3 but
carnil> "nevertheless, the buffer overwrite is still there, so a suggested
carnil> patch 9923803 (or its later version) is still needed."
carnil> Fix is pending for 4.14/scsi-fixes in:
carnil> https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.14/scsi-fixes&id=c88f0e6b06f4092995688211a631bb436125d77b
Bugs:
upstream: released (4.14-rc3) [c88f0e6b06f4092995688211a631bb436125d77b]
4.9-upstream-stable: released (4.9.53) [b42bf0f15cf70926f3a460e7517703fda6191ba7]
3.16-upstream-stable: released (3.16.49) [a1b438ad8590add8f6b0b679171bf5e0d45e2da1]
3.2-upstream-stable: released (3.2.94) [7d38a8202c4a6acf91d6163f53f3253a261bbd22]
sid: released (4.12.13-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
3.16-jessie-security: released (3.16.43-2+deb8u4) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
3.2-wheezy-security: released (3.2.93-1) [bugfix/all/scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch]
|
