kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #186287
[Bug 1568969] Re: FDB table grows out of control
This bug was fixed in the package linux - 3.13.0-91.138
---------------
linux (3.13.0-91.138) trusty; urgency=medium
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1595991
[ Upstream Kernel Changes ]
* netfilter: x_tables: validate e->target_offset early
- LP: #1555338
- CVE-2016-3134
* netfilter: x_tables: make sure e->next_offset covers remaining blob
size
- LP: #1555338
- CVE-2016-3134
* netfilter: x_tables: fix unconditional helper
- LP: #1555338
- CVE-2016-3134
* netfilter: x_tables: don't move to non-existent next rule
- LP: #1595350
* netfilter: x_tables: validate targets of jumps
- LP: #1595350
* netfilter: x_tables: add and use xt_check_entry_offsets
- LP: #1595350
* netfilter: x_tables: kill check_entry helper
- LP: #1595350
* netfilter: x_tables: assert minimum target size
- LP: #1595350
* netfilter: x_tables: add compat version of xt_check_entry_offsets
- LP: #1595350
* netfilter: x_tables: check standard target size too
- LP: #1595350
* netfilter: x_tables: check for bogus target offset
- LP: #1595350
* netfilter: x_tables: validate all offsets and sizes in a rule
- LP: #1595350
* netfilter: x_tables: don't reject valid target size on some
architectures
- LP: #1595350
* netfilter: arp_tables: simplify translate_compat_table args
- LP: #1595350
* netfilter: ip_tables: simplify translate_compat_table args
- LP: #1595350
* netfilter: ip6_tables: simplify translate_compat_table args
- LP: #1595350
* netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
- LP: #1595350
* netfilter: x_tables: do compat validation via translate_table
- LP: #1595350
* netfilter: x_tables: introduce and use xt_copy_counters_from_user
- LP: #1595350
linux (3.13.0-90.137) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1595693
[ Serge Hallyn ]
* SAUCE: add a sysctl to disable unprivileged user namespace unsharing
- LP: #1555338, #1595350
linux (3.13.0-89.136) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1591315
[ Kamal Mostafa ]
* [debian] getabis: Only git add $abidir if running in local repo
- LP: #1584890
* [debian] getabis: Fix inconsistent compiler versions check
- LP: #1584890
[ Stefan Bader ]
* SAUCE: powerpc/powernv: Fix incomplete backport of 8117ac6
- LP: #1589910
[ Tim Gardner ]
* [Config] Remove arc4 from nic-modules
- LP: #1582991
[ Upstream Kernel Changes ]
* KVM: x86: move steal time initialization to vcpu entry time
- LP: #1494350
* lpfc: Fix premature release of rpi bit in bitmask
- LP: #1580560
* lpfc: Correct loss of target discovery after cable swap.
- LP: #1580560
* mm/balloon_compaction: redesign ballooned pages management
- LP: #1572562
* mm/balloon_compaction: fix deflation when compaction is disabled
- LP: #1572562
* bridge: Fix the way to find old local fdb entries in br_fdb_changeaddr
- LP: #1581585
* bridge: notify user space after fdb update
- LP: #1581585
* ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
- LP: #1580379
- CVE-2016-4569
* ALSA: timer: Fix leak in events via snd_timer_user_ccallback
- LP: #1581866
- CVE-2016-4578
* ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
- LP: #1581866
- CVE-2016-4578
* net: fix a kernel infoleak in x25 module
- LP: #1585366
- CVE-2016-4580
* get_rock_ridge_filename(): handle malformed NM entries
- LP: #1583962
- CVE-2016-4913
* netfilter: Set /proc/net entries owner to root in namespace
- LP: #1584953
* USB: usbfs: fix potential infoleak in devio
- LP: #1578493
- CVE-2016-4482
* IB/security: Restrict use of the write() interface
- LP: #1580372
- CVE-2016-4565
* netlink: autosize skb lengthes
- LP: #1568969
* xfs: allow inode allocations in post-growfs disk space
- LP: #1560142
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Fri, 24 Jun 2016
16:19:03 +0100
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3134
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4482
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4565
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4569
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4578
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4580
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4913
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1568969
Title:
FDB table grows out of control
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Vivid:
Fix Released
Status in linux source package in Wily:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Yakkety:
Fix Released
Bug description:
The forwarding database (FDB) grows out of control after too many broadcast entries are entered under the same interface.
I've written a test script to reproduce the bug here using virtual box:
https://github.com/dlevy-ibm/fdb_bug
Also filed here: https://bugzilla.kernel.org/show_bug.cgi?id=116141
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-83-generic 3.13.0-83.127
ProcVersionSignature: Ubuntu 3.13.0-83.127-generic 3.13.11-ckt35
Uname: Linux 3.13.0-83-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Apr 11 16:36 seq
crw-rw---- 1 root audio 116, 33 Apr 11 16:36 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory: 'iw'
Date: Mon Apr 11 16:45:55 2016
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Error: command ['lsusb'] failed with exit code 1: unable to initialize libusb: -99
MachineType: innotek GmbH VirtualBox
PciMultimedia:
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-83-generic root=UUID=a742ba82-8430-4d30-b747-99c9c9af3168 ro console=tty1 console=ttyS0
RelatedPackageVersions:
linux-restricted-modules-3.13.0-83-generic N/A
linux-backports-modules-3.13.0-83-generic N/A
linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
dmi.product.name: VirtualBox
dmi.product.version: 1.2
dmi.sys.vendor: innotek GmbH
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1568969/+subscriptions
References