group.of.nepali.translators team mailing list archive
Message #36714
[Bug 1890796] Re: ipsec: policy priority management is broken
This bug was fixed in the package linux-oem-5.6 - 5.6.0-1023.23
---------------
linux-oem-5.6 (5.6.0-1023.23) focal; urgency=medium

  * focal/linux-oem-5.6: 5.6.0-1023.23 -proposed tracker (LP: #1892465)

  * CVE-2020-15852
    - x86/ioperm: Fix io bitmap invalidation on Xen PV

  * Fix non-working USB devices plugged during system sleep (LP: #1892678)
    - xhci: Do warm-reset when both CAS and XDEV_RESUME are set

  * ASPM not enabled on child devices behind VMD controller (LP: #1889384)
    - SAUCE: PCI/ASPM: Enable ASPM for links under VMD domain

  * Fix non-working Goodix touchpad after system sleep (LP: #1891998)
    - HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands

  * [SRU] Fix acpi backlight issue on some thinkpads (LP: #1892010)
    - platform/x86: thinkpad_acpi: not loading brightness_init when _BCL invalid

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

 -- Timo Aaltonen <timo.aaltonen@xxxxxxxxxxxxx>  Tue, 25 Aug 2020 08:46:08 +0300

** Changed in: linux-oem-5.6 (Ubuntu Focal)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15852
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1890796
Title:
ipsec: policy priority management is broken
Status in linux package in Ubuntu:
Fix Released
Status in linux-hwe package in Ubuntu:
Invalid
Status in linux-oem-5.6 package in Ubuntu:
Invalid
Status in linux source package in Xenial:
Fix Released
Status in linux-hwe source package in Xenial:
Invalid
Status in linux-oem-5.6 source package in Xenial:
Invalid
Status in linux source package in Bionic:
Fix Committed
Status in linux-hwe source package in Bionic:
Fix Committed
Status in linux-oem-5.6 source package in Bionic:
Invalid
Status in linux source package in Focal:
Fix Committed
Status in linux-hwe source package in Focal:
Invalid
Status in linux-oem-5.6 source package in Focal:
Fix Released
Bug description:
[Impact]
When the user tries to update the priority field of a SP, the SP is
not updated *AND* a new SP is created. This results in a broken IPsec
configuration.
This problem has been fixed in the upstream commit 4f47e8ab6ab7 ("xfrm: policy: match with both mark and mask on user interfaces"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f47e8ab6ab7
[Test Case]
root@dut-vm:~# uname -a
Linux dut-vm 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@dut-vm:~# ip xfrm policy flush
root@dut-vm:~# ip xfrm policy
root@dut-vm:~# ip xfrm policy add src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp dir in action allow priority 9 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
    dir in priority 9
    tmpl src 3.3.3.3 dst 4.4.4.4
        proto esp reqid 1 mode tunnel
root@dut-vm:~# ip xfrm policy update src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp dir in priority 5 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
    dir in priority 5
    tmpl src 3.3.3.3 dst 4.4.4.4
        proto esp reqid 1 mode tunnel
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
    dir in priority 9
    tmpl src 3.3.3.3 dst 4.4.4.4
        proto esp reqid 1 mode tunnel
root@dut-vm:~#
=> Now, there are 2 SPs instead of 1.
[Regression Potential]
The patch affects the xfrm stack only. Thus, the potential regressions
are limited to this area.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890796/+subscriptions
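
Added example, not part of the bug report or the kernel fix: a shell check that reads `ip xfrm policy` output and reports SPs sharing a selector and direction but listed with different priorities, the state shown at the end of the test case. The function names are hypothetical, the sample input is the post-update listing from the test case, and counting a mark (when one is printed) as part of the policy identity is an assumption.

```shell
# Report SPs that share selector, direction and mark but differ in priority.
# Usage on a live host: ip xfrm policy | find_duplicate_sps
find_duplicate_sps() {
    awk '
    function record(   key, mk) {
        if (sel == "") return
        mk = (mark != "") ? " mark " mark : ""
        key = sel " dir " dir mk
        if (key in prios) { prios[key] = prios[key] "," prio; dup[key] = 1 }
        else { prios[key] = prio; order[++n] = key }
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }  # tolerate lost indentation
    $1 == "src" {                               # selector line opens a new SP
        record()
        sel = $0; dir = "?"; prio = "0"; mark = ""
        next
    }
    $1 == "tmpl" { next }                       # template endpoints, not the selector
    {
        for (i = 1; i < NF; i++) {
            if ($i == "dir") dir = $(i + 1)
            else if ($i == "priority") prio = $(i + 1)
            else if ($i == "mark") mark = $(i + 1)
        }
    }
    END {
        record()
        for (j = 1; j <= n; j++)
            if (order[j] in dup)
                printf "DUPLICATE %s priorities %s\n", order[j], prios[order[j]]
    }'
}

# Sample input: the listing printed after the update step in the test case.
sample_policy_dump() {
    cat <<'EOF'
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
    dir in priority 5
    tmpl src 3.3.3.3 dst 4.4.4.4
        proto esp reqid 1 mode tunnel
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
    dir in priority 9
    tmpl src 3.3.3.3 dst 4.4.4.4
        proto esp reqid 1 mode tunnel
EOF
}

sample_policy_dump | find_duplicate_sps
```

An empty result means no selector/direction pair appears under more than one priority.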