| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241031100117.152995-1-pablo@netfilter.org>
Date: Thu, 31 Oct 2024 11:01:13 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net,
netdev@...r.kernel.org,
kuba@...nel.org,
pabeni@...hat.com,
edumazet@...gle.com,
fw@...len.de
Subject: [PATCH net 0/4] Netfilter fixes for net
Hi,
The following patchset contains Netfilter fixes for net:
1) Remove unused parameters in conntrack_dump_flush.c used by
selftests, from Liu Jing.
2) Fix possible UaF when removing xtables module via getsockopt()
interface, from Dong Chenchen.
3) Fix potential crash in nf_send_reset6() reported by syzkaller.
From Eric Dumazet
4) Validate offset and length before calling skb_checksum()
in nft_payload, otherwise hitting BUG() is possible.
Please, apply,
Thanks.
Dong Chenchen (1):
netfilter: Fix use-after-free in get_info()
Eric Dumazet (1):
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
Liu Jing (1):
selftests: netfilter: remove unused parameter
Pablo Neira Ayuso (1):
netfilter: nft_payload: sanitize offset and length before calling
skb_checksum()
net/ipv6/netfilter/nf_reject_ipv6.c | 15 +++++++--------
net/netfilter/nft_payload.c | 3 +++
net/netfilter/x_tables.c | 2 +-
.../net/netfilter/conntrack_dump_flush.c | 6 +++---
4 files changed, 14 insertions(+), 12 deletions(-)
--
2.30.2
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-10-31
Thanks.
----------------------------------------------------------------
The following changes since commit c05c62850a8f035a267151dd86ea3daf887e28b8:
Merge tag 'wireless-2024-10-29' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless (2024-10-29 18:57:12 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-10-31
for you to fetch changes up to d5953d680f7e96208c29ce4139a0e38de87a57fe:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (2024-10-31 10:54:49 +0100)
----------------------------------------------------------------
netfilter pull request 24-10-31
----------------------------------------------------------------
Dong Chenchen (1):
netfilter: Fix use-after-free in get_info()
Eric Dumazet (1):
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
Liu Jing (1):
selftests: netfilter: remove unused parameter
Pablo Neira Ayuso (1):
netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
net/ipv6/netfilter/nf_reject_ipv6.c | 15 +++++++--------
net/netfilter/nft_payload.c | 3 +++
net/netfilter/x_tables.c | 2 +-
.../selftests/net/netfilter/conntrack_dump_flush.c | 6 +++---
4 files changed, 14 insertions(+), 12 deletions(-)
Powered by blists - more mailing lists