[ANNOUNCE] Release v4.4.302-cip73

[ANNOUNCE] Release v4.4.302-cip73

[Ulrich Hecht]

[ANNOUNCE] Release v4.4.302-cip73

Hi,

the CIP kernel team has released Linux kernel v4.4.302-cip73. The linux-4.4.y-cip tree's base version has been updated to v4.4-st38.

You can get this release via the git tree at:

  v4.4.302-cip73:
    repository:
      https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
    branch:
      linux-4.4.y-cip
    commit hash:
      b58e18a67ac192c595acdaf67c2e666bf0433787
    Fixed CVEs:
      CVE-2022-47929: In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.
      CVE-2023-0045: Bypassing Spectre-BTI User Space Mitigations
      CVE-2023-0394: ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
      CVE-2023-1073: HID: check empty report_list in hid_validate_values()
      CVE-2023-1074: sctp: fail if no bound addresses can be used for a given scope
      CVE-2023-23455: net: sched: atm: dont intepret cls results when asked to drop
      CVE-2023-23559: rndis_wlan: Prevent buffer overflow in rndis_query_oid
      CVE-2023-26545: net: mpls: fix stale pointer if allocation fails during device rename

Best regards,
Ulrich Hecht

RE: [cip-dev] [ANNOUNCE] Release v4.4.302-cip73

[nobuhiro1.iwamatsu]

Hi Uli,

Could you update linux-4.4.y-cip-rebase tree?
https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git/log/?h=linux-4.4.y-cip-rebase

This tree manages the -cip tree source code rebased from v4.4.y. This time we need to rebase from v4.4-st38.

Best regards,
  Nobuhiro

> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On
> Behalf Of Ulrich Hecht
> Sent: Tuesday, March 14, 2023 1:05 AM
> To: cip-dev@lists.cip-project.org
> Cc: pavel@denx.de; jan.kiszka@siemens.com;
> masami.ichikawa@cybertrust.co.jp; chris.paterson2@renesas.com; iwamatsu
> nobuhiro(岩松 信洋 □ＳＷＣ◯ＡＣＴ)
> <nobuhiro1.iwamatsu@toshiba.co.jp>
> Subject: [cip-dev] [ANNOUNCE] Release v4.4.302-cip73
> 
> [ANNOUNCE] Release v4.4.302-cip73
> 
> Hi,
> 
> the CIP kernel team has released Linux kernel v4.4.302-cip73. The
> linux-4.4.y-cip tree's base version has been updated to v4.4-st38.
> 
> You can get this release via the git tree at:
> 
>   v4.4.302-cip73:
>     repository:
>       https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
>     branch:
>       linux-4.4.y-cip
>     commit hash:
>       b58e18a67ac192c595acdaf67c2e666bf0433787
>     Fixed CVEs:
>       CVE-2022-47929: In the Linux kernel before 6.1.6, a NULL pointer
> dereference bug in the traffic control subsystem allows an unprivileged user to
> trigger a denial of service (system crash) via a crafted traffic control
> configuration that is set up with "tc qdisc" and "tc class" commands. This
> affects qdisc_graft in net/sched/sch_api.c.
>       CVE-2023-0045: Bypassing Spectre-BTI User Space Mitigations
>       CVE-2023-0394: ipv6: raw: Deduct extension header length in
> rawv6_push_pending_frames
>       CVE-2023-1073: HID: check empty report_list in hid_validate_values()
>       CVE-2023-1074: sctp: fail if no bound addresses can be used for a given
> scope
>       CVE-2023-23455: net: sched: atm: dont intepret cls results when asked
> to drop
>       CVE-2023-23559: rndis_wlan: Prevent buffer overflow in
> rndis_query_oid
>       CVE-2023-26545: net: mpls: fix stale pointer if allocation fails during
> device rename
> 
> Best regards,
> Ulrich Hecht