Hi Herbert,
these patches for 2.6.24 fix a number of netfilter bugs: a refcount leak in a
CONNMARK and CONNSECMARK error path, a network triggerable WARN_ON in the
IPv6 TCPMSS target and an endless loop caused by passing a zero-length pattern
to the string match.
Please apply, thanks.
lib/textsearch.c | 8 ++++++--
net/netfilter/xt_CONNMARK.c | 10 +++++-----
net/netfilter/xt_CONNSECMARK.c | 10 +++++-----
net/netfilter/xt_TCPMSS.c | 4 +---
4 files changed, 17 insertions(+), 15 deletions(-)
Jan Engelhardt (1):
[NETFILTER]: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK
Pablo Neira Ayuso (1):
[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure
Patrick McHardy (1):
[NETFILTER]: xt_TCPMSS: remove network triggerable WARN_ON
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
