On Tue, May 30, 2017 at 11:43 AM, Eduardo Valentin <eduval@xxxxxxxxxx> wrote:
> Folks,
>
> I was checking the CVE-2017-9076 [1], which mentions this commit:
>
> commit 83eaddab4378db256d00d295bda6ca997cd13a52
> Author: WANG Cong <xiyou.wangcong@xxxxxxxxx>
> Date: Tue May 9 16:59:54 2017 -0700
>
> ipv6/dccp: do not inherit ipv6_mc_list from parent
>
> Like commit 657831ffc38e ("dccp/tcp: do not inherit mc_list from parent")
> we should clear ipv6_mc_list etc. for IPv6 sockets too.
>
> Cc: Eric Dumazet <edumazet@xxxxxxxxxx>
> Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
> Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
>
> And I was wondering if it could simply be sent to stable trees. The change
> can be cherry-picked on 4.9.y, for example.
Yes, this commit should be backported to stable releases together with
the following two commits:
commit 657831ffc38e30092a2d5f03d385d710eb88b09a
Author: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Tue May 9 06:29:19 2017 -0700
dccp/tcp: do not inherit mc_list from parent
commit fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
Author: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Wed May 17 07:16:40 2017 -0700
sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
Thanks.