001b81b...
by
Pablo Neira Ayuso <email address hidden>
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
If the offset + length goes over the ethernet + vlan header, then the
length is adjusted to copy the bytes that are within the boundaries of
the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
vlan header are copied directly from the skbuff data area.
Fix incorrect arithmetic operator: subtract, not add, the size of the
vlan header in case of double-tagged packets to adjust the length
accordingly to address CVE-2023-0179.
Reported-by: Davide Ornaghi <email address hidden>
Fixes: f6ae9f120dad ("netfilter: nft_payload: add C-VLAN support")
Signed-off-by: Pablo Neira Ayuso <email address hidden>
(cherry picked from commit 696e1a48b1a1b01edad542a1ef293665864a4dd0 net.git)
CVE-2023-0179
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Luke Nowakowski-Krijger <email address hidden>
Kernels have a set of builtin trusted and revoked certificates as a
bundle.
It is not very easy to access them, one needs to either download linux
kernel package source code; or boot the kernel to look up builtin hashes;
and then find certificates externally.
It would be more convenient for inspection to expose these in the
buildinfo package, which already exposes auxiliary kernel information.
Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Tim Gardner <email address hidden>
Acked-by: Cory Todd <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
Signed-off-by: Dimitri John Ledkov <email address hidden>
Update revocations, which match the next Ubuntu shim v15.7
revocations. Specifically - revoke certs that were previously
protected with by-hash revocations, revoke lost/unused certificates.
Kernels with this patch applied should be signed using ubuntu/4 pro/3
core/2 signing streams.
TPM PCR values and measurements will change when changing the signing
key.
Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Luke Nowakowski-Krijger <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases
multiple times and eventually it will wrap around the maximum number
(i.e., 255).
This patch prevents this by adding a boundary check with
L2CAP_MAX_CONF_RSP