Re: [stable 4.4] Security fixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 25, 2017 at 06:07:38PM +0100, Ben Hutchings wrote:
> Greg,
> 
> I've found a number of CVEs fixed in upstream a while ago but still
> affecting stable branches.  The following commits should fix most of
> those for 4.4:
> 
> d29216842a85c7970c536108e093963f02714498 (CVE-2016-6213) [backported]
> 8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 (CVE-2016-7913)
> c58d6c93680f28ac58984af61d0a7ebf4319c241 (CVE-2016-7917)
> 3de81b758853f0b29c61e246679d20b513c4cfec (CVE-2016-8632) [backported]
> 05692d7005a364add85c6e25a6c4447ce08f913a (CVE-2016-9083, CVE-2016-9084)
> 9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (CVE-2016-9120)
> 43a6684519ab0a6c52024b5e25322476cabad893 (CVE-2017-2671)
> 321027c1fe77f892f4ea07846aeae08cefbbb290 (CVE-2017-6001) [backported]
> 8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b (CVE-2017-7308)
> bcc5364bdcfe131e6379363f089e7b4108d35b70 (CVE-2017-7308)
> 
> I've attached patches for those that needed work to backport.
> 
> CVE-2017-7308 isn't yet fixed in 4.9 or 4.10, but David Miller has the
> patches queued up.
> 
> I should be able to provide you with a (much longer) list for 3.18
> later.

Very nice, thank you so much for this!  I'll queue them up for the next
4.4 release after this one gets released in a few days.

How did you happen to find these?  Where am I not looking that I should
have seen these?  For 4.4, I hope I'm paying attention :)

thanks,

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]