path: root/retired/CVE-2018-5391
Description: FragmentSmack (IP fragments)
References:
 https://www.kb.cert.org/vuls/id/641765
Notes:
 carnil> Should affect 3.9 and later and mitigation/good enough fix is
 carnil> to revert c2a936600f78aea00d3312ea4b66a79a4619f9b4. Or change
 carnil> the default values of net.ipv4.ipfrag_high_thresh and
 carnil> net.ipv4.ipfrag_low_thresh back to 256kB and 192 kB (respectively)
 carnil> or below.
 carnil> "Proper" patches in the works.
 carnil> SuSE identifies upstream commits which seem to properly address
 carnil> the issue, but needs more checking:
 carnil> https://bugzilla.novell.com/show_bug.cgi?id=1103097
 carnil> Candidates for backports:
 carnil> https://bugzilla.novell.com/show_bug.cgi?id=1103097#c15
 carnil> 56e2c94f05    inet: frag: enforce memory limits earlier
 carnil> 4672694bd4    ipv4: frags: handle possible skb truesize change
 carnil> and
 carnil> 0ed4229b08c1  ipv6: defrag: drop non-last frags smaller than min mtu
 carnil> 7969e5c40dfd  ip: discard IPv4 datagrams with overlapping segments.
 carnil> 385114dec8a4  net: modify skb_rbtree_purge to return the truesize of all
 carnil>               purged skbs.
 carnil> fa0f527358bd  ip: use rb trees for IP frag queue.
 carnil> It needs to be checked that the upstream fixes for
 carnil> 4.9-upstream-stable and 3.16-upstream-stable do not cause
 carnil> CVE-2018-14641. The proposed patch series from Florian Fainelli
 carnil> <f.fainelli@gmail.com> ("[PATCH stable 4.9 v2 00/29] backport of IP
 carnil> fragmentation fixes") contains the needed fix.
 carnil> The commits backported to 4.9.134 are complete and thus do not
 carnil> introduce CVE-2018-14641.
Bugs:
upstream: released (4.19-rc1) [7969e5c40dfd04799d4341f1b7cd266b6e47f227, 385114dec8a49b5e5945e77ba7de6356106713f4, fa0f527358bd900ef92f925878ed6bfbd51305cc]
4.19-upstream-stable: N/A "Fixed before branch point"
4.9-upstream-stable: released (4.9.134) [7fca77153c5c2a2c59e70720332bce7088aef8e8, 2ffb1c363dfa89858dded0b291f005faf1b72adc, bbf6d8604475f36279c7b2d9a1f425654bc24588, dae73e7d73fce8d8d5132ec3c94de16280653fc6, 1b363f81f38f28bd69ec90837da0f65161f36325, 620018dd713da51daac7ec4cd0ae54b0f0fa0f75, fb19348bd709e3f948825ed995bdc477a0414772, 23ce9c5ce704b985dad79bce944a348f0c205869, ea7496f018adcfbac5396ead5756dcabb9866749, 49106f36c253a3c4ce7cf297415826af0c4339ea, 965e2adc5850836586e0961c350b94c2092da319, 7f6170683223cb38cabaff21ecbb9a6375ad10f6, 7a87ec92d36a660820d426d8c54794c44077277f, cbc45497b39c4626adaeca2a409588f19ae19e34, 6060bcdcffaba68c3ff158a88faab6df27210ffc, 5b68fda0a455be7f48fdf97407de1aa09d046fdd, 316986fe4dcac011b4f85d9bbef1edf4953c0219, d838486621c38f084b867743a0abd0968c6cb196, 82f36cbc74595f06900f478d4eaf7217a4f06e13, f5d17b55f4be318adf3b642b50bd25e5245ecc17, 871695951ec6f6b0b1a258c9bb5336bfeffab409, a8444b1ccb20339774af58e40ad42296074fb484, 791521e2e377f66ef5ee6e5002dec758234d8d32, b475cf3bf1e8212b0287c6d15249e2c942693ae5, 10043954eadac2d8f8c1886190f7a7ee584ff939, e9e4ac488c017739b2832177550ba2569fffc709, 4077ddb2cb48ca4592d738ea37cd58c5d41754bd, 85e59af99a7f7c9bcd089f2404b405df7ee665ba, 5a0f340f5ad6a6cc6518f212802f95b669e8fe27]
3.16-upstream-stable: ignored "Too risky to apply upstream fix, and it can be mitigated with sysctl changes"
sid: released (4.17.15-1) [bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch]
4.9-stretch-security: released (4.9.110-3+deb9u2) [bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch]
3.16-jessie-security: released (3.16.59-1) [bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch]
