[Kernel-packages] [Bug 1685892] Re: CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec

Launchpad Bug Tracker Tue, 16 May 2017 04:12:25 -0700

This bug was fixed in the package linux-hwe - 4.8.0-52.55~16.04.1

---------------
linux-hwe (4.8.0-52.55~16.04.1) xenial; urgency=low


  * linux-hwe: 4.8.0-52.55~16.04.1 -proposed tracker (LP: #1686978)

  * linux: 4.8.0-52.55 -proposed tracker (LP: #1686976)

  * CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec (LP: #1685892)
    - macsec: avoid heap overflow in skb_to_sgvec
    - macsec: dynamically allocate space for sglist

  * net/ipv4: original ingress device index set as the loopback interface.
    (LP: #1683982)
    - net: fix incorrect original ingress device index in PKTINFO

  * Touchpad not working correctly after kernel upgrade (LP: #1662589)
    - Input: ALPS - fix V8+ protocol handling (73 03 28)

  * ifup service of network device stay active after driver stop (LP: #1672144)
    - net: use net->count to check whether a netns is alive or not

  * [Hyper-V] mkfs regression in kernel 4.4+ (LP: #1682215)
    - block: relax check on sg gap

  * Potential memory corruption with capi adapters (LP: #1681469)
    - powerpc/mm: Add missing global TLB invalidate if cxl is active

  * [Hyper-V/Azure] Please include Mellanox OFED drivers in Azure kernel and
    image (LP: #1650058)
    - net/mlx4_en: Fix bad WQE issue
    - net/mlx4_core: Fix racy CQ (Completion Queue) free
    - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to 
VGT
      transitions
    - net/mlx4_core: Avoid command timeouts during VF driver device shutdown

 -- Stefan Bader <stefan.ba...@canonical.com>  Fri, 28 Apr 2017 12:17:12
+0200

** Changed in: linux-hwe (Ubuntu Xenial)
       Status: In Progress => Fix Released

** Changed in: linux-hwe (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1685892

Title:
  CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec

Status in linux package in Ubuntu:
  New
Status in linux-hwe package in Ubuntu:
  New
Status in linux source package in Xenial:
  Invalid
Status in linux-hwe source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in linux-hwe source package in Yakkety:
  Invalid
Status in linux source package in Zesty:
  Fix Released
Status in linux-hwe source package in Zesty:
  Invalid

Bug description:
  Please apply
  
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee

  (See also http://www.openwall.com/lists/oss-security/2017/04/24/4 )

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1685892/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1685892] Re: CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec

Reply via email to