Re: [stable 4.4] Security fixes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 25, 2017 at 06:07:38PM +0100, Ben Hutchings wrote:
> Greg,
> 
> I've found a number of CVEs fixed in upstream a while ago but still
> affecting stable branches.  The following commits should fix most of
> those for 4.4:
> 
> d29216842a85c7970c536108e093963f02714498 (CVE-2016-6213) [backported]
> 8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 (CVE-2016-7913)
> c58d6c93680f28ac58984af61d0a7ebf4319c241 (CVE-2016-7917)
> 3de81b758853f0b29c61e246679d20b513c4cfec (CVE-2016-8632) [backported]
> 05692d7005a364add85c6e25a6c4447ce08f913a (CVE-2016-9083, CVE-2016-9084)
> 9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (CVE-2016-9120)
> 43a6684519ab0a6c52024b5e25322476cabad893 (CVE-2017-2671)
> 321027c1fe77f892f4ea07846aeae08cefbbb290 (CVE-2017-6001) [backported]
> 8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b (CVE-2017-7308)
> bcc5364bdcfe131e6379363f089e7b4108d35b70 (CVE-2017-7308)
> 
> I've attached patches for those that needed work to backport.

Many thanks for these, all now queued up.

> CVE-2017-7308 isn't yet fixed in 4.9 or 4.10, but David Miller has the
> patches queued up.

Ok, I'll hold off on those for now.

> I should be able to provide you with a (much longer) list for 3.18
> later.

I think a few of these worked for 3.18, so I have applied them.  But if
you have a better list, I'd appreciate it, but don't feel like you have
to spend a lot of time on it.

thanks,

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]