From: "Nobuhiro Iwamatsu" <nobuhiro1.iwamatsu@toshiba.co.jp>
To: <cip-dev@lists.cip-project.org>, <jan.kiszka@siemens.com>,
<minmin@plathome.co.jp>
Cc: <pavel@denx.de>, <wens@csie.org>
Subject: Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
Date: Thu, 8 Apr 2021 01:55:51 +0000 [thread overview]
Message-ID: <OSBPR01MB2983E7B807513366EE13257392749@OSBPR01MB2983.jpnprd01.prod.outlook.com> (raw)
In-Reply-To: <TY2PR01MB4972F52002A1794994A0EEF6A0689@TY2PR01MB4972.jpnprd01.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 4706 bytes --]
Hi all,
I dropped each config from config files.
Best regards,
Nobuhiro
> -----Original Message-----
> From: cip-dev@lists.cip-project.org [mailto:cip-dev@lists.cip-project.org] On Behalf Of
> masashi.kudo@cybertrust.co.jp
> Sent: Friday, March 19, 2021 5:48 PM
> To: jan.kiszka@siemens.com; minmin@plathome.co.jp; cip-dev@lists.cip-project.org
> Cc: pavel@denx.de; iwamatsu nobuhiro(岩松 信洋 □SWC◯ACT) <nobuhiro1.iwamatsu@toshiba.co.jp>; wens@csie.org
> Subject: Re: [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18
>
> Hi, Jan-san,
>
> Thanks for your confirmation!
>
> Iwamatsu-san,
>
> Could you turn off both features from the following configs?
>
> > > - CVE-2020-35519 is relating to X.25.
> > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> > > - CVE-2021-20261 is relating to floppy.
> > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
>
> Best regards,
> --
> M. Kudo
>
> > -----Original Message-----
> > From: Jan Kiszka <jan.kiszka@siemens.com>
> > Sent: Friday, March 19, 2021 5:06 PM
> > To: 工藤 雅司(CTJ OSS事業推進室) <masashi.kudo@cybertrust.co.jp>;
> > minmin@plathome.co.jp; cip-dev@lists.cip-project.org
> > Cc: pavel@denx.de; nobuhiro1.iwamatsu@toshiba.co.jp; wens@csie.org
> > Subject: Re: [Feedback Requested] RE: Cip-kernel-sec Updates for Week of
> > 2021-03-18
> >
> > On 18.03.21 10:33, masashi.kudo@cybertrust.co.jp wrote:
> > > Hi, Jan-san, Minda-san,
> > >
> > > Please find the CVE report as follows.
> > > In the analysis of those CVEs, we found some doubts about the configs.
> > >
> > > - CVE-2020-35519 is relating to X.25.
> > > X.25 is enabled as follows, but we wonder whether X.25 is really used or not.
> > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> > >
> > > Please confirm, and let us know whether X.25 should be disabled.
> > >
> > > - CVE-2021-20261 is relating to floppy.
> > > It is enabled as follows.
> > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> > >
> > > Please confirm that this can be also disabled.
> > >
> >
> > Yes, both features can be turned off.
> >
> > Thanks,
> > Jan
> >
> > > Best regards,
> > > --
> > > M. Kudo
> > >
> > >> -----Original Message-----
> > >> From: Chen-Yu Tsai <wens@csie.org>
> > >> Sent: Thursday, March 18, 2021 5:48 PM
> > >> To: cip-dev@lists.cip-project.org
> > >> Cc: Pavel Machek <pavel@denx.de>; Nobuhiro Iwamatsu
> > >> <nobuhiro1.iwamatsu@toshiba.co.jp>; 工藤 雅司(CTJ OSS事業推進室)
> > >> <masashi.kudo@cybertrust.co.jp>
> > >> Subject: Cip-kernel-sec Updates for Week of 2021-03-18
> > >>
> > >> Hi everyone,
> > >>
> > >> Six new issues this week from the Ubuntu tracker:
> > >>
> > >> - CVE-2020-35519 [net/x25: buffer overflow] - fixed
> > >> Looks like a few configs still have X.25 enabled:
> > >> 4.4.y-cip/x86/plathome_obsvx1.config:CONFIG_X25=m
> > >> 4.19.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_X25=m
> > >> 5.10.y-cip-rt/x86/siemens_i386-rt_defconfig:CONFIG_X25=m
> > >> Maybe they should be revisited? cip-kernel-config also gives warnings
> > >> for CONFIG_X25.
> > >>
> > >> - CVE-2021-20219 [improper synchronization in flush_to_ldisc()] -
> > >> likely RedHat only
> > >> Report mentions incorrect backport in RedHat kernels.
> > >>
> > >> - CVE-2021-20261 [floppy: race condition data corruption] - fixed
> > >> No member enables this except:
> > >> 4.4.y-cip-rt/x86/siemens_i386-rt.config:CONFIG_BLK_DEV_FD=m
> > >> which should probably be turned off.
> > >>
> > >> - CVE-2021-28375 [fastrpc: allows sending kernel RPCs] - fixed
> > >> No member enables this.
> > >>
> > >> - CVE-2021-28660 [rtl8188eu: array access out-of-bounds] - fixed
> > >> No member enables this.
> > >>
> > >> - CVE-2021-3428 [integer overflow in ext4_es_cache_extent] - unclear [1]
> > >> Requires a specially-crafted ext4 FS image, so we likely don't care.
> > >>
> > >> Unfortunately Debian's Salsa service, where the Debian kernel
> > >> security issue tracker is hosted, is currently down, so we only have one source
> > of data this week.
> > >>
> > >>
> > >> Regards
> > >> ChenYu
> > >>
> > >>
> > >> [1]
> > >> https://lore.kernel.org/stable/20210317151834.GE2541@quack2.suse.cz/
> >
> >
> > --
> > Siemens AG, T RDA IOT
> > Corporate Competence Center Embedded Linux
[-- Attachment #2: Type: text/plain, Size: 428 bytes --]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6346): https://lists.cip-project.org/g/cip-dev/message/6346
Mute This Topic: https://lists.cip-project.org/mt/81425316/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/4520388/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-
prev parent reply other threads:[~2021-04-08 1:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-18 9:33 [cip-dev] [Feedback Requested] RE: Cip-kernel-sec Updates for Week of 2021-03-18 masashi.kudo
2021-03-19 6:55 ` minmin
2021-03-19 7:05 ` masashi.kudo
2021-04-08 2:00 ` Nobuhiro Iwamatsu
2021-03-19 8:05 ` Jan Kiszka
2021-03-19 8:47 ` masashi.kudo
2021-04-08 1:55 ` Nobuhiro Iwamatsu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=OSBPR01MB2983E7B807513366EE13257392749@OSBPR01MB2983.jpnprd01.prod.outlook.com \
--to=nobuhiro1.iwamatsu@toshiba.co.jp \
--cc=cip-dev@lists.cip-project.org \
--cc=jan.kiszka@siemens.com \
--cc=minmin@plathome.co.jp \
--cc=pavel@denx.de \
--cc=wens@csie.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).