lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20211217085303.363401-1-pablo@netfilter.org>
Date:   Fri, 17 Dec 2021 09:53:00 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org
Subject: [PATCH net 0/3] Netfilter fixes for net

Hi,

The following patchset contains Netfilter fixes for net:

1) Fix UAF in set catch-all element, from Eric Dumazet.

2) Fix MAC mangling for multicast/loopback traffic in nfnetlink_queue
   and nfnetlink_log, from Ignacy Gawędzki.

3) Remove expired entries from ctnetlink dump path regardless the tuple
   direction, from Florian Westphal.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 1d1c950faa81e1c287c9e14f307f845b190eb578:

  Merge tag 'wireless-drivers-2021-12-15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers (2021-12-15 14:43:07 +0000)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 76f12e632a15a20c8de3532d64a0708cf0e32f11:

  netfilter: ctnetlink: remove expired entries first (2021-12-16 14:10:52 +0100)

----------------------------------------------------------------
Eric Dumazet (1):
      netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()

Florian Westphal (1):
      netfilter: ctnetlink: remove expired entries first

Ignacy Gawędzki (1):
      netfilter: fix regression in looped (broad|multi)cast's MAC handling

 net/netfilter/nf_conntrack_netlink.c | 5 +++--
 net/netfilter/nf_tables_api.c        | 4 ++--
 net/netfilter/nfnetlink_log.c        | 3 ++-
 net/netfilter/nfnetlink_queue.c      | 3 ++-
 4 files changed, 9 insertions(+), 6 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ