
Bug#740041: marked as done (xen-netfront: reduce gso_max_size to account for max TCP header)



Your message dated Wed, 07 May 2014 22:54:35 +0000
with message-id <E1WiAjT-0002Vq-Bu@franck.debian.org>
and subject line Bug#740041: fixed in user-mode-linux 2.6.32-1um-4+48squeeze5
has caused the Debian Bug report #740041,
regarding xen-netfront: reduce gso_max_size to account for max TCP header
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
740041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740041
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: linux-2.6
Version: 2.6.32-48
Control: found -1 linux/3.2.41-2+deb7u2
Control: fixed -1 linux/3.2.51-1

Separate bug for domU (xen-netfront) side of Bug #701744 as requested in
https://lists.debian.org/debian-kernel/2014/02/msg00297.html <1393274681.6823.101.camel@deadeye.wl.decadent.org.uk>

Summary:

The security fix for XSA-39 revealed a GSO size calculation bug.

Patches for both xen-netback and xen-netfront were created and fixed upstream.

Either patch was enough to fix the regression and a work-around (turning off GSO) was found.

Bug #701744 was closed with the backporting of the xen-netback patch to both the Squeeze and Wheezy kernels.

The xen-netfront patch was backported to the 3.2.47 kernel and included in the Debian Wheezy kernel 3.2.51-1.

--- End Message ---
--- Begin Message ---
Source: user-mode-linux
Source-Version: 2.6.32-1um-4+48squeeze5

We believe that the bug you reported is fixed in the latest version of
user-mode-linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 740041@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated user-mode-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 24 Apr 2014 17:56:13 -0600
Source: user-mode-linux
Binary: user-mode-linux
Architecture: source amd64
Version: 2.6.32-1um-4+48squeeze5
Distribution: squeeze-security
Urgency: high
Maintainer: User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description: 
 user-mode-linux - User-mode Linux (kernel)
Closes: 740041
Changes: 
 user-mode-linux (2.6.32-1um-4+48squeeze5) squeeze-security; urgency=high
 .
   * Rebuild against linux-source-2.6.32 (2.6.32-48squeeze5):
     * cciss: fix info leak in cciss_ioctl32_passthru() (CVE-2013-2147)
     * cpqarray: fix info leak in ida_locked_ioctl() (CVE-2013-2147)
     * HID: LG: validate HID output report details (CVE-2013-2893)
     * HID: zeroplus: validate output report details (CVE-2013-2889)
     * HID: provide a helper for validating hid reports (required by
       (CVE-2013-2889 and CVE-2013-2893)
     * ipv6: handling of temporary addresses (CVE-2013-0343)
     * ipv6: panic with UDP_CORK sockets (CVE-2013-4162)
     * dm snapshot: fix data corruption (CVE-2013-4299)
     * crypto: ansi_cprng - Fix off by one error in non-block size request
       (CVE-2013-4345)
     * uio: privilege escalation (CVE-2013-4511)
     * uml: check length in exitcode_proc_write() (CVE-2013-4512)
     * KVM: Validate VCPU parameter (CVE-2013-4587)
     * ipvs: Add boundary check on ioctl arguments (CVE-2013-4588)
     * aacraid: prevent invalid pointer dereference (CVE-2013-6380)
     * qeth: avoid buffer overflow in snmp ioctl (CVE-2013-6381)
     * aacraid: missing capable() check in compat ioctl (CVE-2013-6383)
     * Various socket leaks (Initially CVE-2013-6405, later split into
       CVE-2013-7263, CVE-2013-7264 and CVE-2013-7265)
     * xen-netfront: reduce gso_max_size to account for max TCP header
       (Closes: #740041)
     * exec/ptrace: fix get_dumpable() incorrect tests (CVE-2103-2929)
     * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
     * xfs: underflow bug in xfs_attrlist_by_handle() (CVE-2013-6382)
     * farsync: fix info leak in ioctl (CVE-2014-1444)
     * wanxl: fix info leak in ioctl (CVE-2014-1445)
     * hamradio/yam: fix info leak in ioctl (CVE-2014-1446)
     * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
       (CVE-2014-0101)
     * SELinux:  Fix kernel BUG on empty security contexts (CVE-2014-1874)
     * s390: fix kernel crash due to linkage stack instructions (CVE-2014-2039)
     * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
       (CVE-2014-2523)
     * rds: prevent dereference of a NULL device (CVE-2013-7339)
Checksums-Sha1: 
 ae600f9404d8cc7da994f6abfa5a685a9d43dbe6 2053 user-mode-linux_2.6.32-1um-4+48squeeze5.dsc
 8b49c2a391e14d0ebd7fa44c35cbc98100378fef 26276 user-mode-linux_2.6.32-1um-4+48squeeze5.diff.gz
 c60b2eb304e9e0d042d70364e3d1e50bd72625b3 7087346 user-mode-linux_2.6.32-1um-4+48squeeze5_amd64.deb
Checksums-Sha256: 
 ff05a3bac0f0e0b50e9f2ba64fcfc09d8f3540f8035ce4a564dfc9543d1ff601 2053 user-mode-linux_2.6.32-1um-4+48squeeze5.dsc
 a03cd9dbe1fa0f4d6012435d3fceeb63a3b8e152b2f5e545d4eba2cc3ad65676 26276 user-mode-linux_2.6.32-1um-4+48squeeze5.diff.gz
 0c36a0de35ba39d7884b5c234d2dd36b0cf585d5134149995e6e620ee3090b70 7087346 user-mode-linux_2.6.32-1um-4+48squeeze5_amd64.deb
Files: 
 17d04d52fd70fb5b76b102024328b1fb 2053 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze5.dsc
 6e6c06811b611dd92549d0ef0caeeda3 26276 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze5.diff.gz
 1fa06189c0c5635ed4b887222b2a421c 7087346 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
