blob: 49b8fdadeb1c99311546b39a136976cce3f7d810 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Description: kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
References:
https://marc.info/?l=linux-netdev&m=152023808817590&w=2
https://marc.info/?l=linux-netdev&m=152025888924151&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1552048
Notes:
carnil> Fixed as well in 4.15.10
carnil> This is mitigated in Debian by unprivileged user namespaces being
carnil> default-disabled.
carnil> cherry picking the commit for 4.9.x would need as well commit
carnil> 932909d9b28d27e807ff8eecb68c7748f6701628 ("netfilter: ebtables:
carnil> fix erroneous reject of last rule") as a followup fix.
carnil> Cf. Message-ID: <20180313112930.GA31828@breakpoint.cc>
carnil> else "it becomes impossible to add rules to the last builtin base
carnil> chain."
Bugs:
upstream: released (4.16-rc5) [b71812168571fa55e44cdd0254471331b9c4c4c6]
4.9-upstream-stable: released (4.9.88) [21ff147189ff0692d203282c1dced02f83dcf785]
3.16-upstream-stable: released (3.16.57) [71a00fe67dde7d2ed206a0db2a67f29fad90cc72]
3.2-upstream-stable: released (3.2.102) [dccc6e2c9b486b99b6ec356e14f7de58832b3833]
sid: released (4.15.11-1)
4.9-stretch-security: released (4.9.88-1)
3.16-jessie-security: released (3.16.56-1) [bugfix/all/netfilter-ebtables-config_compat-don-t-trust-userlan.patch]
3.2-wheezy-security: released (3.2.101-1) [bugfix/all/netfilter-ebtables-config_compat-don-t-trust-userlan.patch]
|
