| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024022131-fang-rope-a629@gregkh> Date: Wed, 21 Feb 2024 12:24:01 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Vlastimil Babka <vbabka@...e.cz> Cc: cve@...nel.org, linux-cve-announce@...r.kernel.org, workflows@...r.kernel.org, Security Officers <security@...nel.org> Subject: Re: CVE-2023-52435: net: prevent mss overflow in skb_segment() On Wed, Feb 21, 2024 at 10:30:52AM +0100, Vlastimil Babka wrote: > On 2/20/24 19:06, Greg Kroah-Hartman wrote: > > The Linux kernel CVE team has assigned CVE-2023-52435 to this issue. > > > > > > Affected and fixed versions > > =========================== > > > > Issue introduced in 4.8 with commit 3953c46c3ac7 and fixed in 6.6.11 with commit 95b3904a261a > > Issue introduced in 4.8 with commit 3953c46c3ac7 and fixed in 6.7 with commit 23d05d563b7e > > Hello, > > what is the advice for stable users of versions between 4.19 and 6.1? Are > they not affected? They are affected, as the wording here states (and as the json values in the CVE entry itself show in great detail if you want a machine-parsable format to use) The fixes for the other branches are in the next round of -rc kernels to go out in an hour or so. thanks, greg k-h
Powered by blists - more mailing lists