lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20171101184812.4813-1-pablo@netfilter.org>
Date:   Wed,  1 Nov 2017 19:48:10 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/2] Netfilter fixes for net

Hi David,

The following patchset contains two one-liner fixes for your net tree,
they are:

1) Disable fast hash operations for 2-bytes length keys which is leading
   to incorrect lookups in nf_tables, from Anatole Denis.

2) Reload pointer ipv4 header after ip_route_me_harder() given this may
   result in use-after-free due to skbuff header reallocation, patch
   from Tejaswi Tanikella.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks!

----------------------------------------------------------------

The following changes since commit 28e33f9d78eefe98ea86673ab31e988b37a9a738:

  bpf: disallow arithmetic operations on context pointer (2017-10-18 13:21:13 +0100)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 7400bb4b5800831581a82f71700af6a5e815c3c8:

  netfilter: nf_reject_ipv4: Fix use-after-free in send_reset (2017-11-01 12:15:29 +0100)

----------------------------------------------------------------
Anatole Denis (1):
      netfilter: nft_set_hash: disable fast_ops for 2-len keys

Tejaswi Tanikella (1):
      netfilter: nf_reject_ipv4: Fix use-after-free in send_reset

 net/ipv4/netfilter/nf_reject_ipv4.c | 2 ++
 net/netfilter/nft_set_hash.c        | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ