code.ossystems Code Review - meta-freescale.git/commit
linux-qoriq: fix CVE-2016-5696
author Adrian Dudau <adrian.dudau@enea.com>
Mon, 31 Oct 2016 14:53:01 +0000 (15:53 +0100)
committer Otavio Salvador <otavio@ossystems.com.br>
Mon, 31 Oct 2016 19:45:19 +0000 (17:45 -0200)
commit 7717fe4a8ffd57c85e6c43e8de1fab8993b2bf08
tree 2027004a40cce7f6d2f4b1640d0d7b3d6cfc9e45
parent fc7d08fcf4143b7af7df7ff88654d8acfaf79f42
linux-qoriq: fix CVE-2016-5696

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not
properly determine the rate of challenge ACK segments, which
makes it easier for man-in-the-middle attackers to hijack TCP
sessions via a blind in-window attack.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=5413f1a526d2d51d7a5768133c90936c017165c6

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=72c2d3bccaba4a0a4de354f9d2d24eccd05bfccf
(This is a follow-up to "tcp: make challenge acks less predictable")

Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
recipes-kernel/linux/linux-qoriq/CVE-2016-5696-limiting-of-all-challenge.patch [new file with mode: 0644]
recipes-kernel/linux/linux-qoriq/CVE-2016-5696-make-challenge-acks-less-predictable.patch [new file with mode: 0644]
recipes-kernel/linux/linux-qoriq_4.1.bb