Message-Id: <20090723141523.19029.89290.sendpatchset@x2.localnet>
Date:	Thu, 23 Jul 2009 16:15:24 +0200 (MEST)
From:	Patrick McHardy <kaber@...sh.net>
To:	stable@...nel.org
Cc:	netdev@...r.kernel.org, Patrick McHardy <kaber@...sh.net>,
	netfilter-devel@...r.kernel.org
Subject: netfilter -stable 00/08: netfilter -stable fixes

Following are a couple of netfilter fixes for -stable, fixing

- various races in nf_conntrack introduced by the conversion to use
  RCU for the conntrack hash and follow-up patch to use SLAB_DESTROY_BY_RCU
  for the conntrack slab

- direct userspace memory access in the nf_log /proc handler

- a missing initialization in the quota match, possibly causing malfunction
  on SMP

- an incorrect comparison in the rateest match

- unacknowledged data detection in TCP conntrack in combination with
  NAT helpers reducing the packet size

Please apply, thanks.


 Documentation/RCU/rculist_nulls.txt    |    7 +++++-
 include/net/netfilter/nf_conntrack.h   |    4 +-
 net/ipv4/netfilter/nf_nat_helper.c     |   17 +++++++++-----
 net/netfilter/nf_conntrack_core.c      |   36 ++++++++++++++++++++++++++-----
 net/netfilter/nf_conntrack_proto_tcp.c |    6 ++--
 net/netfilter/nf_log.c                 |   22 ++++++++++++-------
 net/netfilter/xt_quota.c               |    1 +
 net/netfilter/xt_rateest.c             |    2 +-
 8 files changed, 68 insertions(+), 27 deletions(-)

Patrick McHardy (8):
      netfilter: nf_log: fix sleeping function called from invalid context
      netfilter: nf_conntrack: fix confirmation race condition
      netfilter: nf_conntrack: fix conntrack lookup race
      netfilter: nf_log: fix direct userspace memory access in proc handler
      netfilter: xt_quota: fix incomplete initialization
      netfilter: xt_rateest: fix comparison with self
      netfilter: tcp conntrack: fix unacknowledged data detection with NAT
      netfilter: nf_conntrack: nf_conntrack_alloc() fixes