Re: CVE-2019-11683

2019-05-04 Thread Reindl Harald
Am 04.05.19 um 18:43 schrieb Eric Dumazet: > In any case, this discussion has nothing to do with netdev@ > > Are you suggesting that we should not fix bugs at given period of times, > just because a 'release of some stable kernel' happened one day before? sorry to get cynical but that's likely

Re: CVE-2019-11683

2019-05-04 Thread Eric Dumazet
On 5/4/19 12:39 PM, Reindl Harald wrote: > > > Am 04.05.19 um 18:32 schrieb Eric Dumazet: >> On 5/4/19 12:13 PM, Reindl Harald wrote: >>> >>> ok, so the answer is no >>> >>> what's the point then release every 2 days a new "stable" kernel? >>> even distributions like Fedora are not able to cop

Re: CVE-2019-11683

2019-05-04 Thread Stephen Hemminger
On Sat, 4 May 2019 18:39:15 +0200 Reindl Harald wrote: > Am 04.05.19 um 18:32 schrieb Eric Dumazet: > > On 5/4/19 12:13 PM, Reindl Harald wrote: > >> > >> ok, so the answer is no > >> > >> what's the point then release every 2 days a new "stable" kernel? > >> even distributions like Fedora are

Re: CVE-2019-11683

2019-05-04 Thread Reindl Harald
Am 04.05.19 um 18:32 schrieb Eric Dumazet: > On 5/4/19 12:13 PM, Reindl Harald wrote: >> >> ok, so the answer is no >> >> what's the point then release every 2 days a new "stable" kernel? >> even distributions like Fedora are not able to cope with that > > That is a question for distros, not fo

Re: CVE-2019-11683

2019-05-04 Thread Eric Dumazet
On 5/4/19 12:13 PM, Reindl Harald wrote: > > > > ok, so the answer is no > > what's the point then release every 2 days a new "stable" kernel? > even distributions like Fedora are not able to cope with that That is a question for distros, not for netdev@ ?

Re: CVE-2019-11683

2019-05-04 Thread Reindl Harald
ently in e20cf8d3f1f7 >> ("udp: implement GRO for plain UDP sockets.") and only affects the 5.0 >> (stable) release (so the name is a bit overhyped :). >> >> CVE-2019-11683 description: >> >> udp_gro_receive_segment in net/ipv4/udp_offload.c in the Lin

Re: CVE-2019-11683

2019-05-04 Thread Eric Dumazet
n e20cf8d3f1f7 > ("udp: implement GRO for plain UDP sockets.") and only affects the 5.0 > (stable) release (so the name is a bit overhyped :). > > CVE-2019-11683 description: > > udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel > 5.x through 5.

CVE-2019-11683

2019-05-04 Thread Reindl Harald
release (so the name is a bit overhyped :). CVE-2019-11683 description: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact v