Public bug reported:

* Explain the bug(s)

The conntrack confirm operation wasn't checked; this could result in accepting a packet which should be dropped.

* Brief explanation of fixes

Match the behavior of ovs and netfilter. Drop the packets which are not accepted.

* How to test

First observe packets accepted with a status of NF_DROP without the fix. Then observe that packets are correctly dropped with the patch.

* What it could break

Nothing breaks; this fixes a security hole.

** Affects: linux-bluefield (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1934819

Title:
  Fix err check for nf_conntrack_confirm