* 4.1.y missing commit for CVE-2016-10229
@ 2017-04-13 16:41 Josh Hunt
2017-04-13 20:10 ` Josh Hunt
0 siblings, 1 reply; 2+ messages in thread
From: Josh Hunt @ 2017-04-13 16:41 UTC (permalink / raw)
To: Levin, Alexander, stable; +Cc: Eric Dumazet, herbert, David S. Miller
It looks like the following commit:
197c949e7798 ("udp: properly support MSG_PEEK with truncated buffers")
did not get backported to 4.1.y stable. I do see it in 4.4.y. If the
authors of the patch are OK with this can we please get this included in
4.1.y?
FWIW the 4.4.y commit, dfe2042d96065f044a794f684e9f7976a4ca6e24,
cherry-picks cleanly on top of 4.1.y.
Here's a link to the CVE info:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10229
Thanks
Josh
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: 4.1.y missing commit for CVE-2016-10229
2017-04-13 16:41 4.1.y missing commit for CVE-2016-10229 Josh Hunt
@ 2017-04-13 20:10 ` Josh Hunt
0 siblings, 0 replies; 2+ messages in thread
From: Josh Hunt @ 2017-04-13 20:10 UTC (permalink / raw)
To: Levin, Alexander, stable; +Cc: Eric Dumazet, herbert, David S. Miller
On 04/13/2017 11:41 AM, Josh Hunt wrote:
> It looks like the following commit:
>
> 197c949e7798 ("udp: properly support MSG_PEEK with truncated buffers")
>
> did not get backported to 4.1.y stable. I do see it in 4.4.y. If the
> authors of the patch are OK with this can we please get this included in
> 4.1.y?
>
> FWIW the 4.4.y commit, dfe2042d96065f044a794f684e9f7976a4ca6e24,
> cherry-picks cleanly on top of 4.1.y.
>
> Here's a link to the CVE info:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10229
>
Looking into this more it appears that this commit may not be necessary
for 4.1 since it has Al Viro's argument change mentioned by Eric in the
commit message. Although if someone could confirm that would be helpful.
Our initial thought was all kernels < 4.5 were affected. This does not
seem to be the case.
Josh
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-04-13 20:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-13 16:41 4.1.y missing commit for CVE-2016-10229 Josh Hunt
2017-04-13 20:10 ` Josh Hunt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.