diff --git a/kernel-debug.changes b/kernel-debug.changes index 3e16d3f0..30d07876 100644 --- a/kernel-debug.changes +++ b/kernel-debug.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-debug.spec b/kernel-debug.spec index 3fc9e0a6..08c831c1 100644 --- a/kernel-debug.spec +++ b/kernel-debug.spec @@ -63,7 +63,7 @@ License: GPL-2.0 Group: System/Kernel Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-default.changes b/kernel-default.changes index 3e16d3f0..30d07876 100644 --- a/kernel-default.changes +++ b/kernel-default.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-default.spec b/kernel-default.spec index 1db433be..ba24cf94 100644 --- a/kernel-default.spec +++ b/kernel-default.spec @@ -63,7 +63,7 @@ License: GPL-2.0 Group: System/Kernel Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-docs.changes b/kernel-docs.changes index 3e16d3f0..30d07876 100644 --- a/kernel-docs.changes +++ b/kernel-docs.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-docs.spec b/kernel-docs.spec index a447bd10..505d4c54 100644 --- a/kernel-docs.spec +++ b/kernel-docs.spec @@ -29,7 +29,7 @@ License: GPL-2.0 Group: Documentation/Man Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-lpae.changes b/kernel-lpae.changes index 3e16d3f0..30d07876 100644 --- a/kernel-lpae.changes +++ b/kernel-lpae.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-lpae.spec b/kernel-lpae.spec index 3a9fac6a..af42c286 100644 --- a/kernel-lpae.spec +++ b/kernel-lpae.spec @@ -63,7 +63,7 @@ License: GPL-2.0 Group: System/Kernel Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-obs-build.changes b/kernel-obs-build.changes index 3e16d3f0..30d07876 100644 --- a/kernel-obs-build.changes +++ b/kernel-obs-build.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-obs-build.spec b/kernel-obs-build.spec index 5c34a1e3..824f6b25 100644 --- a/kernel-obs-build.spec +++ b/kernel-obs-build.spec @@ -53,7 +53,7 @@ License: GPL-2.0 Group: SLES Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-obs-qa.changes b/kernel-obs-qa.changes index 3e16d3f0..30d07876 100644 --- a/kernel-obs-qa.changes +++ b/kernel-obs-qa.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-obs-qa.spec b/kernel-obs-qa.spec index f9a7d555..0ab7ade6 100644 --- a/kernel-obs-qa.spec +++ b/kernel-obs-qa.spec @@ -38,7 +38,7 @@ License: GPL-2.0 Group: SLES Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-pae.changes b/kernel-pae.changes index 3e16d3f0..30d07876 100644 --- a/kernel-pae.changes +++ b/kernel-pae.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-pae.spec b/kernel-pae.spec index dda241d9..867887c2 100644 --- a/kernel-pae.spec +++ b/kernel-pae.spec @@ -63,7 +63,7 @@ License: GPL-2.0 Group: System/Kernel Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-source.changes b/kernel-source.changes index 3e16d3f0..30d07876 100644 --- a/kernel-source.changes +++ b/kernel-source.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-source.spec b/kernel-source.spec index 72860330..f1ac82c0 100644 --- a/kernel-source.spec +++ b/kernel-source.spec @@ -32,7 +32,7 @@ License: GPL-2.0 Group: Development/Sources Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-syms.changes b/kernel-syms.changes index 3e16d3f0..30d07876 100644 --- a/kernel-syms.changes +++ b/kernel-syms.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-syms.spec b/kernel-syms.spec index f07bc151..bfc2b7a2 100644 --- a/kernel-syms.spec +++ b/kernel-syms.spec @@ -27,7 +27,7 @@ Group: Development/Sources Version: 4.5.1 %if %using_buildservice %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/kernel-vanilla.changes b/kernel-vanilla.changes index 3e16d3f0..30d07876 100644 --- a/kernel-vanilla.changes +++ b/kernel-vanilla.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 19 14:04:21 CEST 2016 - mkubecek@suse.cz + +- netfilter: x_tables: fix unconditional helper (CVE-2016-3134 + bsc#971126). +- netfilter: x_tables: make sure e->next_offset covers remaining + blob size (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: validate e->target_offset early + (CVE-2016-3134 bsc#971126). +- netfilter: x_tables: check for size overflow (CVE-2016-3135 + bsc#970904). +- commit 99697f1 + +------------------------------------------------------------------- +Tue Apr 19 14:02:14 CEST 2016 - mkubecek@suse.cz + +- series.conf: move netfilter section right after core networking +- commit 9105886 + ------------------------------------------------------------------- Mon Apr 18 11:17:41 CEST 2016 - jslaby@suse.cz diff --git a/kernel-vanilla.spec b/kernel-vanilla.spec index 4ff38d7f..5e0e3c22 100644 --- a/kernel-vanilla.spec +++ b/kernel-vanilla.spec @@ -63,7 +63,7 @@ License: GPL-2.0 Group: System/Kernel Version: 4.5.1 %if 0%{?is_kotd} -Release: .gda73f3b +Release: .g99697f1 %else Release: 0 %endif diff --git a/patches.fixes.tar.bz2 b/patches.fixes.tar.bz2 index 33a6791e..2d5e1309 100644 --- a/patches.fixes.tar.bz2 +++ b/patches.fixes.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a949162694214d42191c94b444823fa262621e03735db57edef20e8cff8e6215 -size 6638 +oid sha256:61be17d215b9bba44263ea919da7c6fe02f2731e58ebcc78821c950cab8c1cb2 +size 10582 diff --git a/series.conf b/series.conf index d972692b..0ee1d708 100644 --- a/series.conf +++ b/series.conf @@ -226,6 +226,15 @@ # Networking, IPv6 ######################################################## + ######################################################## + # Netfilter + ######################################################## + patches.suse/netfilter-ip_conntrack_slp.patch + patches.fixes/netfilter-x_tables-check-for-size-overflow.patch + patches.fixes/netfilter-x_tables-validate-e-target_offset-early.patch + patches.fixes/netfilter-x_tables-make-sure-e-next_offset-covers-re.patch + patches.fixes/netfilter-x_tables-fix-unconditional-helper.patch + ######################################################## # NFS ######################################################## @@ -291,12 +300,6 @@ # Swap-over-NFS ######################################################## - ######################################################## - # Netfilter - ######################################################## - - patches.suse/netfilter-ip_conntrack_slp.patch - ######################################################## # # Device drivers diff --git a/source-timestamp b/source-timestamp index 2725c87d..5f6f1c8d 100644 --- a/source-timestamp +++ b/source-timestamp @@ -1,3 +1,3 @@ -2016-04-18 11:17:41 +0200 -GIT Revision: da73f3ba0cbb67f7c21bfba4fb404d25f70576d3 +2016-04-19 14:04:23 +0200 +GIT Revision: 99697f126e38e36d91a67f48998e4a10df1f2a87 GIT Branch: stable