On Tue, Feb 05, 2019 at 06:26:23PM +0000, Ben Hutchings wrote:
This is a backport of upstream changes to fix the FragmentSmack (CVE-2018-5391) vulnerability.
Peter Oskolkov checked an earlier version of this backport, but I have since rebased and added another 3 commits to it. I tested with the ip_defrag.sh self-test that he added upstream, and it passed. I have included the fix that is currently queued for the 4.9, 4.14 and 4.19 branches.
That's a lot of patches, some of which I have already queued up in the next 4.4 release which will happen in a day or so. Are they all still needed after the changes there are merged?
thanks,
greg k-h