path: root/active/CVE-2022-1012
blob: 3ddcf01fbb41485632b7941706947fa81479d932
Description: tcp: Information leakage through limited randomness in source port selection
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2064604
Notes:
 carnil> Fixed in 5.17.9 for 5.17.y. For older series only one commit
 carnil> was applied so far (5.10.117, 4.19.244) and it needs checking what is
 carnil> actually needed.
 carnil> Does the backported commit help mitigate the issue? The fix
 carnil> is AFAIU not truncating the output to 32 bits, but using the 64 bits
 carnil> of SipHash for the port offset calculation.
 carnil> The main part seems to be b2d057560b81 ("secure_seq: use the 64
 carnil> bits of the siphash for port offset calculation") in 5.18-rc6
 carnil> which is backported to 5.10.119 as well and will also land
 carnil> in 4.19.246.
Bugs:
upstream: released (5.18-rc6) [b2d057560b8107c633b39aabe517ff9d93f285e3, 9e9b70ae923baf2b5e8a0ea4fd0c8451801ac526, 4dfa9b438ee34caca4e6a4e5e961641807367f6f, ca7af0402550f9a0b3316d5f1c30904e42ed257d, e9261476184be1abd486c9434164b2acbe0ed6c2, 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5, e8161345ddbb66e449abde10d2fdce93f867eba9]
5.10-upstream-stable: released (5.10.117) [d254309aab27fdcdc68e6bc9c663e51f3e7b37dc], released (5.10.119) [a5c68f457fbf52c5564ca4eea03f84776ef14e41]
4.19-upstream-stable: released (4.19.244) [abcf4e1277d169b82dd7ee290006487ed16016ce], released (4.19.246) [695309c5c71526d32f5539f008bbf20ed2218528]
4.9-upstream-stable: needed
sid: released (5.17.11-1)
5.10-bullseye-security: pending (5.10.120-1)
4.19-buster-security: needed
4.9-stretch-security: needed
