Security fixes for 4.9

Security fixes for 4.9

[Ben Hutchings]

[-- Attachment #1: Type: text/plain, Size: 637 bytes --]

I've backported a number of fixes for security issues affecting 4.9-
stable.  All of these are already fixed in 4.14-stable and 4.19-stable.

Most of the issues involve filesystem validation, and I tested with the
reproducers where available.

For the BPF fix, I verified that the self-tests (taken from 4.14)
didn't regress and temporarily added logging to check that the
mitigation is applied when needed.

Ben.

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom

[-- Attachment #2: security-4.9.mbox --]
[-- Type: application/mbox, Size: 300634 bytes --]

Re: Security fixes for 4.9

[Greg Kroah-Hartman]

On Thu, Dec 06, 2018 at 02:19:34PM +0000, Ben Hutchings wrote:
> I've backported a number of fixes for security issues affecting 4.9-
> stable.��All of these are already fixed in 4.14-stable and 4.19-stable.
> 
> Most of the issues involve filesystem validation, and I tested with the
> reproducers where available.
> 
> For the BPF fix, I verified that the self-tests (taken from 4.14)
> didn't regress and temporarily added logging to check that the
> mitigation is applied when needed.

Many thanks for tehse all now queued up.

greg k-h

Security fixes for 4.9

[Ben Hutchings]

Please cherry-pick the following commits for 4.9-stable:

fdf7cb4185b6 mac80211: accept key reinstall without changing anything
2bdd713b92a9 mac80211: use constant time comparison with keys
cfbb0d90a7ab mac80211: don't compare TKIP TX MIC key in reinstall prevention
fc27fe7e8dee ALSA: seq: Cancel pending autoload work at unbinding device
7c80f9e4a588 usb: usbtest: fix NULL pointer dereference
ea04efee7635 Input: ims-psu - check if CDC union descriptor is sane

For the ALSA seq fix, you'll need to change the patched filename from
sound/core/seq_device.c to sound/core/seq/seq_device.c.  The rest
should apply cleanly.

Ben.

-- 
Ben Hutchings
Software Developer, Codethink Ltd.

Re: Security fixes for 4.9

[Greg Kroah-Hartman]

On Wed, Nov 15, 2017 at 04:55:05PM +0000, Ben Hutchings wrote:
> Please cherry-pick the following commits for 4.9-stable:
> 
> fdf7cb4185b6 mac80211: accept key reinstall without changing anything
> 2bdd713b92a9 mac80211: use constant time comparison with keys
> cfbb0d90a7ab mac80211: don't compare TKIP TX MIC key in reinstall prevention
> fc27fe7e8dee ALSA: seq: Cancel pending autoload work at unbinding device
> 7c80f9e4a588 usb: usbtest: fix NULL pointer dereference
> ea04efee7635 Input: ims-psu - check if CDC union descriptor is sane
> 
> For the ALSA seq fix, you'll need to change the patched filename from
> sound/core/seq_device.c to sound/core/seq/seq_device.c.  The rest
> should apply cleanly.

Ah, thanks for the seqfile fix, I missed that file move.  Now all queued
up.

greg k-h