blob: 9337c673628b5951aa12f67713bad94ebc694925 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
References:
https://www.openwall.com/lists/oss-security/2023/09/27/2
Notes:
carnil> Commit fixes 24e227896bbf ("netfilter: ipset: Add schedule
carnil> point in call_ad().") in 6.4-rc6 (but got backported to
carnil> 5.10.184, 6.1.34, 6.3.8) and so affecting stable series
carnil> relevant for Debian.
carnil> For 6.5.y fixed as well in 6.5.6.
Bugs:
upstream: released (6.6-rc3) [7433b6d2afd512d04398c73aa984d1e285be125b]
6.1-upstream-stable: released (6.1.56) [ea5a61d58886ae875f1b4a371999f2a8b58cf26d]
5.10-upstream-stable: released (5.10.198) [f1893feb20ea033bcd9c449b55df3dab3802c907]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.5.6-1)
6.1-bookworm-security: released (6.1.55-1) [bugfix/all/netfilter-ipset-fix-race-between-ipset_cmd_create-an.patch]
5.10-bullseye-security: released (5.10.197-1) [bugfix/all/netfilter-ipset-fix-race-between-ipset_cmd_create-an.patch]
4.19-buster-security: N/A "Vulnerable code not present"
|
