From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751312AbdEPFUO (ORCPT <rfc822;w@1wt.eu>);
        Tue, 16 May 2017 01:20:14 -0400
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:47975 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750759AbdEPFUN (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 16 May 2017 01:20:13 -0400
Date: Tue, 16 May 2017 07:20:09 +0200
From: Willy Tarreau <w@1wt.eu>
To: Steven Pease <spease@suitabletech.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: CVE-2016-10229 in 4.4.x series
Message-ID: <20170516052009.GA17400@1wt.eu>
References: <CALQ-SOCrEyJ9TQMKT8EdvjAJ_cY-6t48kfWs_VJ=FNn90ZPmGw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALQ-SOCrEyJ9TQMKT8EdvjAJ_cY-6t48kfWs_VJ=FNn90ZPmGw@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 15, 2017 at 06:09:53PM -0700, Steven Pease wrote:
> Hi,
> 
> This is my first post - not currently subscribed so please CC me. :) I
> searched a bit for this question, but couldn't find an answer (Googled
> '2016-10229 site:lkml.org').
> 
> Does CVE-2016-10229 affect the newest version of the 4.4.x kernel
> series (currently 4.4.68) and are there any plans to fix this in the
> 4.4 kernel series?

This one was fixed by upstream commit 197c949 ("udp: properly support
MSG_PEEK with truncated buffers"), which was backported in 4.4 as
commit dfe2042d96 in 4.4.21. So in short, 4.4.68 is safe.

Willy