lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 28 Oct 2021 20:42:28 +0300
From:   Ovidiu Panait <ovidiu.panait@...driver.com>
To:     linux-kernel@...r.kernel.org
Cc:     edumazet@...gle.com, davem@...emloft.net, kman001@....edu,
        weiwan@...gle.com
Subject: [PATCH 5.4 0/2] ipv4/ipv6: backport fixes for CVE-2021-20322

The following commits are needed to fix CVE-2021-20322:
ipv4:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6457378fe796815c973f631a1904e147d6ee33b1
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67d6d681e15b578c1725bad8ad079e05d1c48a8e

ipv6:
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4785305c05b25a242e5314cc821f54ade4c18810
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a00df2caffed3883c341d5685f830434312e4a43

Commits [2] and [4] are already present in 5.4 stable, so backport the
remaining two fixes with minor context adjustments.

Eric Dumazet (2):
  ipv6: use siphash in rt6_exception_hash()
  ipv4: use siphash instead of Jenkins in fnhe_hashfun()

 net/ipv4/route.c | 12 ++++++------
 net/ipv6/route.c | 20 ++++++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ