group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1685892] Re: CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1685892@xxxxxxxxxxxxxxxxxx>
Date: Tue, 16 May 2017 10:58:30 -0000
Reply-to: Bug 1685892 <1685892@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package linux-hwe - 4.8.0-52.55~16.04.1

---------------
linux-hwe (4.8.0-52.55~16.04.1) xenial; urgency=low

  * linux-hwe: 4.8.0-52.55~16.04.1 -proposed tracker (LP: #1686978)

  * linux: 4.8.0-52.55 -proposed tracker (LP: #1686976)

  * CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec (LP: #1685892)
    - macsec: avoid heap overflow in skb_to_sgvec
    - macsec: dynamically allocate space for sglist

  * net/ipv4: original ingress device index set as the loopback interface.
    (LP: #1683982)
    - net: fix incorrect original ingress device index in PKTINFO

  * Touchpad not working correctly after kernel upgrade (LP: #1662589)
    - Input: ALPS - fix V8+ protocol handling (73 03 28)

  * ifup service of network device stay active after driver stop (LP: #1672144)
    - net: use net->count to check whether a netns is alive or not

  * [Hyper-V] mkfs regression in kernel 4.4+ (LP: #1682215)
    - block: relax check on sg gap

  * Potential memory corruption with capi adapters (LP: #1681469)
    - powerpc/mm: Add missing global TLB invalidate if cxl is active

  * [Hyper-V/Azure] Please include Mellanox OFED drivers in Azure kernel and
    image (LP: #1650058)
    - net/mlx4_en: Fix bad WQE issue
    - net/mlx4_core: Fix racy CQ (Completion Queue) free
    - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT
      transitions
    - net/mlx4_core: Avoid command timeouts during VF driver device shutdown

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Fri, 28 Apr 2017 12:17:12
+0200

** Changed in: linux-hwe (Ubuntu Xenial)
       Status: In Progress => Fix Released

** Changed in: linux-hwe (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1685892

Title:
  CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec

Status in linux package in Ubuntu:
  New
Status in linux-hwe package in Ubuntu:
  New
Status in linux source package in Xenial:
  Invalid
Status in linux-hwe source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in linux-hwe source package in Yakkety:
  Invalid
Status in linux source package in Zesty:
  Fix Released
Status in linux-hwe source package in Zesty:
  Invalid

Bug description:
  Please apply
  https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee

  (See also http://www.openwall.com/lists/oss-security/2017/04/24/4 )

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1685892/+subscriptions

References

[Bug 1685892] [NEW] macsec: avoid heap overflow in skb_to_sgvec
From: Steve Beattie, 2017-04-24