Date:   Thu, 16 Jan 2020 20:50:35 +0100
From:   Pablo Neira Ayuso <>
Subject: [PATCH 0/9] Netfilter updates for net


The following patchset contains Netfilter fixes for net:

1) Fix use-after-free in ipset bitmap destroy path, from Cong Wang.

2) Missing init netns in entry cleanup path of arp_tables,
   from Florian Westphal.

3) Fix WARN_ON in set destroy path due to missing cleanup on
   transaction error.

4) Incorrect netlink sanity check in tunnel, from Florian Westphal.

5) Missing sanity check for erspan version netlink attribute, also
   from Florian.

6) Remove WARN in nft_request_module() that can be triggered from
   userspace, from Florian Westphal.

7) Memleak in NFTA_HOOK_DEVS netlink parser, from Dan Carpenter.

8) List poison from commit path for flowtables that are added and
   deleted in the same batch, from Florian Westphal.

9) Fix NAT ICMP packet corruption, from Eyal Birger.

You can pull these changes from:


Thank you.


The following changes since commit c9f53049d4a842db6bcd76f597759a0ef5f65c86:

  MAINTAINERS: update my email address (2020-01-11 14:33:39 -0800)

are available in the git repository at:

  git:// HEAD

for you to fetch changes up to 61177e911dad660df86a4553eb01c95ece2f6a82:

  netfilter: nat: fix ICMP header corruption on ICMP errors (2020-01-16 15:08:25 +0100)

Cong Wang (1):
      netfilter: fix a use-after-free in mtype_destroy()

Dan Carpenter (1):
      netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()

Eyal Birger (1):
      netfilter: nat: fix ICMP header corruption on ICMP errors

Florian Westphal (5):
      netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
      netfilter: nft_tunnel: fix null-attribute check
      netfilter: nft_tunnel: ERSPAN_VERSION must not be null
      netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
      netfilter: nf_tables: fix flowtable list del corruption

Pablo Neira Ayuso (1):
      netfilter: nf_tables: store transaction list locally while requesting module

 net/ipv4/netfilter/arp_tables.c         | 19 ++++++++--------
 net/netfilter/ipset/ip_set_bitmap_gen.h |  2 +-
 net/netfilter/nf_nat_proto.c            | 13 +++++++++++
 net/netfilter/nf_tables_api.c           | 39 ++++++++++++++++++++++-----------
 net/netfilter/nft_tunnel.c              |  5 ++++-
 5 files changed, 54 insertions(+), 24 deletions(-)
