lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20241031100117.152995-1-pablo@netfilter.org>
Date: Thu, 31 Oct 2024 11:01:13 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net,
	netdev@...r.kernel.org,
	kuba@...nel.org,
	pabeni@...hat.com,
	edumazet@...gle.com,
	fw@...len.de
Subject: [PATCH net 0/4] Netfilter fixes for net

Hi,

The following patchset contains Netfilter fixes for net:

1) Remove unused parameters in conntrack_dump_flush.c used by
   selftests, from Liu Jing.

2) Fix possible UaF when removing xtables module via getsockopt()
   interface, from Dong Chenchen.

3) Fix potential crash in nf_send_reset6() reported by syzkaller.
   From Eric Dumazet

4) Validate offset and length before calling skb_checksum()
   in nft_payload, otherwise hitting BUG() is possible.

Please, apply,
Thanks.

Dong Chenchen (1):
  netfilter: Fix use-after-free in get_info()

Eric Dumazet (1):
  netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

Liu Jing (1):
  selftests: netfilter: remove unused parameter

Pablo Neira Ayuso (1):
  netfilter: nft_payload: sanitize offset and length before calling
    skb_checksum()

 net/ipv6/netfilter/nf_reject_ipv6.c               | 15 +++++++--------
 net/netfilter/nft_payload.c                       |  3 +++
 net/netfilter/x_tables.c                          |  2 +-
 .../net/netfilter/conntrack_dump_flush.c          |  6 +++---
 4 files changed, 14 insertions(+), 12 deletions(-)

-- 
2.30.2

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-10-31

Thanks.

----------------------------------------------------------------

The following changes since commit c05c62850a8f035a267151dd86ea3daf887e28b8:

  Merge tag 'wireless-2024-10-29' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless (2024-10-29 18:57:12 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-10-31

for you to fetch changes up to d5953d680f7e96208c29ce4139a0e38de87a57fe:

  netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (2024-10-31 10:54:49 +0100)

----------------------------------------------------------------
netfilter pull request 24-10-31

----------------------------------------------------------------
Dong Chenchen (1):
      netfilter: Fix use-after-free in get_info()

Eric Dumazet (1):
      netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

Liu Jing (1):
      selftests: netfilter: remove unused parameter

Pablo Neira Ayuso (1):
      netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

 net/ipv6/netfilter/nf_reject_ipv6.c                       | 15 +++++++--------
 net/netfilter/nft_payload.c                               |  3 +++
 net/netfilter/x_tables.c                                  |  2 +-
 .../selftests/net/netfilter/conntrack_dump_flush.c        |  6 +++---
 4 files changed, 14 insertions(+), 12 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ