On Thu, 2013-11-14 at 15:59 +0000, Luis Henriques wrote: > On Sat, Oct 26, 2013 at 06:46:37PM +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > > > > This is a note to let you know that I've just added the patch titled > > > > inet: fix possible memory corruption with UDP_CORK and UFO > > > > to the 3.4-stable tree which can be found at: > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary > > > > The filename of the patch is: > > inet-fix-possible-memory-corruption-with-udp_cork-and-ufo.patch > > and it can be found in the queue-3.4 subdirectory. > > > > If you, or anyone else, feels it should not be added to the stable tree, > > please let <stable@xxxxxxxxxxxxxxx> know about it. > > > > This patch seems to also be applicable to the 3.2 kernel Agreed. David? > (and probably to the 2.6.32 as well...?), specially because it also fixes > CVE-2013-4470. [...] Right. It looks like this bug may have been introduced for IPv4 by commit 26cde9f7e274 ('udp: Fix bogus UFO packet generation') which was applied in 2.6.32.40. Linux 2.6.32.y will need commit 2811ebac2521 ('ipv6: udp packets following an UFO enqueued packet need also be handled by UFO') and then this one. Ben. -- Ben Hutchings Teamwork is essential - it allows you to blame someone else.
Attachment:
signature.asc
Description: This is a digitally signed message part