* CVE-2016-10229 in 4.4.x series
From: Steven Pease @ 2017-05-16 1:09 UTC
To: linux-kernel
Hi,
This is my first post - not currently subscribed so please CC me. :) I
searched a bit for this question, but couldn't find an answer (Googled
'2016-10229 site:lkml.org').
Does CVE-2016-10229 affect the newest version of the 4.4.x kernel
series (currently 4.4.68) and are there any plans to fix this in the
4.4 kernel series?
Thanks,
--
- Steven
* Re: CVE-2016-10229 in 4.4.x series
From: Willy Tarreau @ 2017-05-16 5:20 UTC
To: Steven Pease; +Cc: linux-kernel
On Mon, May 15, 2017 at 06:09:53PM -0700, Steven Pease wrote:
> Hi,
>
> This is my first post - not currently subscribed so please CC me. :) I
> searched a bit for this question, but couldn't find an answer (Googled
> '2016-10229 site:lkml.org').
>
> Does CVE-2016-10229 affect the newest version of the 4.4.x kernel
> series (currently 4.4.68) and are there any plans to fix this in the
> 4.4 kernel series?
This one was fixed by upstream commit 197c949 ("udp: properly support
MSG_PEEK with truncated buffers"), which was backported in 4.4 as
commit dfe2042d96 in 4.4.21. So in short, 4.4.68 is safe.
Willy
* Re: CVE-2016-10229 in 4.4.x series
From: Steven Pease @ 2017-05-16 5:53 UTC
To: Willy Tarreau; +Cc: linux-kernel
Is there any particular reason that the CVE appears to be filed
against 4.4.60? Or is this just a mistake?
http://www.cvedetails.com/cve/CVE-2016-10229/
- Steven
On Mon, May 15, 2017 at 10:20 PM, Willy Tarreau <w@1wt.eu> wrote:
> On Mon, May 15, 2017 at 06:09:53PM -0700, Steven Pease wrote:
>> Hi,
>>
>> This is my first post - not currently subscribed so please CC me. :) I
>> searched a bit for this question, but couldn't find an answer (Googled
>> '2016-10229 site:lkml.org').
>>
>> Does CVE-2016-10229 affect the newest version of the 4.4.x kernel
>> series (currently 4.4.68) and are there any plans to fix this in the
>> 4.4 kernel series?
>
> This one was fixed by upstream commit 197c949 ("udp: properly support
> MSG_PEEK with truncated buffers"), which was backported in 4.4 as
> commit dfe2042d96 in 4.4.21. So in short, 4.4.68 is safe.
>
> Willy
--
- Steven
* Re: CVE-2016-10229 in 4.4.x series
From: Willy Tarreau @ 2017-05-16 6:06 UTC
To: Steven Pease; +Cc: linux-kernel
On Mon, May 15, 2017 at 10:53:50PM -0700, Steven Pease wrote:
> Is there any particular reason that the CVE appears to be filed
> against 4.4.60? Or is this just a mistake?
>
> http://www.cvedetails.com/cve/CVE-2016-10229/
I have no idea why. Maybe they mentioned the current version at the
moment the CVE was issued (which seems to match). In fact this bug was
discovered as being a vulnerability long after the bug was fixed.
Willy