{"release":{"tag":{"name":"4.19.90-2210.1.0","path":"/openeuler/kernel/tags/4.19.90-2210.1.0","tree_path":"/openeuler/kernel/tree/4.19.90-2210.1.0","message":"4.19.90-2210.1.0","commit":{"id":"ffa9f2a5f9244bf305bf4635300316e45b58c590","short_id":"ffa9f2a","title":"netfilter: nf_conntrack_irc: Fix forged IP logic","title_markdown":"netfilter: nf_conntrack_irc: Fix forged IP logic","description":"\nstable inclusion\nfrom stable-v4.19.258\ncommit 3275f7804f40de3c578d2253232349b07c25f146\ncategory: bugfix\nbugzilla: https://gitee.com/src-openeuler/kernel/issues/I5OWZ7\nCVE: CVE-2022-2663\n\n---------------------------\n\n[ Upstream commit 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 ]\n\nEnsure the match happens in the right direction, previously the\ndestination used was the server, not the NAT host, as the comment\nshows the code intended.\n\nAdditionally nf_nat_irc uses port 0 as a signal and there's no valid way\nit can appear in a DCC message, so consider port 0 also forged.\n\nFixes: 869f37d8e48f (\"[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port\")\nSigned-off-by: David Leadbeater \u003Cdgl@dgl.cx\u003E\nSigned-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org\u003E\nSigned-off-by: Sasha Levin \u003Csashal@kernel.org\u003E\nSigned-off-by: Liu Jian \u003Cliujian56@huawei.com\u003E\nReviewed-by: Yue Haibing \u003Cyuehaibing@huawei.com\u003E\nReviewed-by: Xiu Jianfeng \u003Cxiujianfeng@huawei.com\u003E\nSigned-off-by: Yongqiang Liu \u003Cliuyongqiang13@huawei.com\u003E","description_markdown":"stable inclusion\nfrom stable-v4.19.258\ncommit 3275f7804f40de3c578d2253232349b07c25f146\ncategory: bugfix\nbugzilla: \u003Ca title=\"Issue: CVE-2022-2663\" class=\"gfm gfm-issue\" href=\"/open_euler/dashboard?issue_id=I5OWZ7\"\u003E#I5OWZ7\u003C/a\u003ECVE: CVE-2022-2663\n---------------------------\n[ Upstream commit 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 ]\nEnsure the match happens in the right direction, previously the\ndestination used was the server, not the NAT host, as the comment\nshows the code intended.\nAdditionally nf_nat_irc uses port 0 as a signal and there's no valid way\nit can appear in a DCC message, so consider port 0 also forged.\nFixes: 869f37d8e48f (\"[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port\")\nSigned-off-by: David Leadbeater \u003Ca href=\"mailto:dgl@dgl.cx\"\u003Edgl@dgl.cx\u003C/a\u003E\nSigned-off-by: Pablo Neira Ayuso \u003Ca href=\"mailto:pablo@netfilter.org\"\u003Epablo@netfilter.org\u003C/a\u003E\nSigned-off-by: Sasha Levin \u003Ca href=\"mailto:sashal@kernel.org\"\u003Esashal@kernel.org\u003C/a\u003E\nSigned-off-by: Liu Jian \u003Ca href=\"mailto:liujian56@huawei.com\"\u003Eliujian56@huawei.com\u003C/a\u003E\nReviewed-by: Yue Haibing \u003Ca href=\"mailto:yuehaibing@huawei.com\"\u003Eyuehaibing@huawei.com\u003C/a\u003E\nReviewed-by: Xiu Jianfeng \u003Ca href=\"mailto:xiujianfeng@huawei.com\"\u003Exiujianfeng@huawei.com\u003C/a\u003E\nSigned-off-by: Yongqiang Liu \u003Ca href=\"mailto:liuyongqiang13@huawei.com\"\u003Eliuyongqiang13@huawei.com\u003C/a\u003E","message":"netfilter: nf_conntrack_irc: Fix forged IP logic\n\nstable inclusion\nfrom stable-v4.19.258\ncommit 3275f7804f40de3c578d2253232349b07c25f146\ncategory: bugfix\nbugzilla: https://gitee.com/src-openeuler/kernel/issues/I5OWZ7\nCVE: CVE-2022-2663\n\n---------------------------\n\n[ Upstream commit 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 ]\n\nEnsure the match happens in the right direction, previously the\ndestination used was the server, not the NAT host, as the comment\nshows the code intended.\n\nAdditionally nf_nat_irc uses port 0 as a signal and there's no valid way\nit can appear in a DCC message, so consider port 0 also forged.\n\nFixes: 869f37d8e48f (\"[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port\")\nSigned-off-by: David Leadbeater \u003Cdgl@dgl.cx\u003E\nSigned-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org\u003E\nSigned-off-by: Sasha Levin \u003Csashal@kernel.org\u003E\nSigned-off-by: Liu Jian \u003Cliujian56@huawei.com\u003E\nReviewed-by: Yue Haibing \u003Cyuehaibing@huawei.com\u003E\nReviewed-by: Xiu Jianfeng \u003Cxiujianfeng@huawei.com\u003E\nSigned-off-by: Yongqiang Liu \u003Cliuyongqiang13@huawei.com\u003E\n","message_markdown":"netfilter: nf_conntrack_irc: Fix forged IP logic\nstable inclusion\nfrom stable-v4.19.258\ncommit 3275f7804f40de3c578d2253232349b07c25f146\ncategory: bugfix\nbugzilla: \u003Ca title=\"Issue: CVE-2022-2663\" class=\"gfm gfm-issue\" href=\"/open_euler/dashboard?issue_id=I5OWZ7\"\u003E#I5OWZ7\u003C/a\u003ECVE: CVE-2022-2663\n---------------------------\n[ Upstream commit 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 ]\nEnsure the match happens in the right direction, previously the\ndestination used was the server, not the NAT host, as the comment\nshows the code intended.\nAdditionally nf_nat_irc uses port 0 as a signal and there's no valid way\nit can appear in a DCC message, so consider port 0 also forged.\nFixes: 869f37d8e48f (\"[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port\")\nSigned-off-by: David Leadbeater \u003Ca href=\"mailto:dgl@dgl.cx\"\u003Edgl@dgl.cx\u003C/a\u003E\nSigned-off-by: Pablo Neira Ayuso \u003Ca href=\"mailto:pablo@netfilter.org\"\u003Epablo@netfilter.org\u003C/a\u003E\nSigned-off-by: Sasha Levin \u003Ca href=\"mailto:sashal@kernel.org\"\u003Esashal@kernel.org\u003C/a\u003E\nSigned-off-by: Liu Jian \u003Ca href=\"mailto:liujian56@huawei.com\"\u003Eliujian56@huawei.com\u003C/a\u003E\nReviewed-by: Yue Haibing \u003Ca href=\"mailto:yuehaibing@huawei.com\"\u003Eyuehaibing@huawei.com\u003C/a\u003E\nReviewed-by: Xiu Jianfeng \u003Ca href=\"mailto:xiujianfeng@huawei.com\"\u003Exiujianfeng@huawei.com\u003C/a\u003E\nSigned-off-by: Yongqiang Liu \u003Ca href=\"mailto:liuyongqiang13@huawei.com\"\u003Eliuyongqiang13@huawei.com\u003C/a\u003E","detail_path":"/openeuler/kernel/commit/ffa9f2a5f9244bf305bf4635300316e45b58c590","commits_path":"/openeuler/kernel/commits/ffa9f2a5f9244bf305bf4635300316e45b58c590","tree_path":"/openeuler/kernel/tree/ffa9f2a5f9244bf305bf4635300316e45b58c590","author":{"name":"David Leadbeater","email":"dgl@dgl.cx","username":null,"user_path":null,"enterprise_user_path":null,"image_path":"no_portrait.png#David Leadbeater-","is_gitee_user":false,"is_enterprise_user":null,"widget_url":null},"committer":{"name":"Yongqiang Liu","email":"duanzi@zju.edu.cn","username":null,"user_path":null,"enterprise_user_path":null,"image_path":"no_portrait.png#Yongqiang Liu-","is_gitee_user":false,"is_enterprise_user":null,"widget_url":null},"authored_date":"2022-10-10T09:37:45+00:00","committed_date":"2022-10-10T17:20:53+08:00","signature":null,"build_state":null},"archive_path":"/openeuler/kernel/repository/archive/4.19.90-2210.1.0","signature":null},"operating":{"edit":false,"download":true,"destroy":false,"enterprise_forbid_zip":false},"release":{"title":"openEuler 20.03 update 4.19.90-2210.1.0","path":"/openeuler/kernel/releases/tag/4.19.90-2210.1.0","tag_path":"/openeuler/kernel/tree/4.19.90-2210.1.0","project_id":7696525,"created_at":"2022-10-11T10:35:43+08:00","is_prerelease":false,"description":"# 1TASK\r\n-------\r\n\r\n# 4.19.90-2209.6.0~1...4.19.90-2210.1.0\r\n-------\r\n| TASK | COMMIT |\r\n|:----:|:------:|\r\n|     bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5OWZ7 | ffa9f2a5f924 netfilter: nf_conntrack_irc: Fix forged IP logic\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/src-openeuler/kernel/issues/I58WSQ | cc10dbacb1dd ext4: fix check for block being out of directory size\u003Cbr\u003Ed9dc377b05ac ext4: check if directory block is within i_size\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5TY3L | 01b1ec1d028f block: Fix UAF in bd_link_disk_holder()\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5T9C3 | e4fc0e51fa62 ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC\u003Cbr\u003E |\r\n|     bugzilla: 187597, https://gitee.com/openeuler/kernel/issues/I5QK5M | 3d14cd063f3c block: add a new config to control dispatching bios asynchronously\u003Cbr\u003Eb6a187aeb4e5 block: fix kabi broken in request_queue\u003Cbr\u003E8934afb98ea9 md: enable dispatching bio asynchronously for raid10 by default\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5QK5M | c59d6d5326eb arm64/topology: getting preferred sibling's cpumask supported by platform\u003Cbr\u003Ef39ebff66fab block: support to dispatch bio asynchronously\u003Cbr\u003E4fc0fcd69713 block: add new fields in request_queue\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5PRMO | f82f6d687de5 md/raid10: convert resync_lock to use seqlock\u003Cbr\u003E1668533d0bff md/raid10: prevent unnecessary calls to wake_up() in fast path\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5R0X9 | b9f6a788aa40 mm: sharepool: fix potential AA deadlock\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5QQPG | a541bd47b872 mm: sharepool: check size=0 in mg_sp_make_share_k2u()\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5QETC | c6b3415aac21 mm: sharepool: delete redundant check in __sp_remap_get_pfn\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5TMYD | 589b2a6c4684 Revert \"cifs: fix double free race when mount fails in cifs_get_root()\"\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5SXSB | 64d37f3f3caf scsi: hisi_sas: Release resource directly in hisi_sas_abort_task() when NCQ error\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5QDH7 | f32bc74ed208 scsi: hisi_sas: Enable force phy when SATA disk directly connected\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5Q63H | 63c0c05a2975 scsi: hisi_sas: Modify v3 HW ATA completion process when SATA disk is in error status\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5TIOZ | 46212545d397 sched: Fix invalid free for tsk-\u003Ese.dyn_affi_stats\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5SXLB | e71f2087d459 scsi: target: tcmu: Fix warning: 'page' may be used uninitialized\u003Cbr\u003Ed0b7519e412b scsi: target: tcmu: Fix crash on ARM during cmd completion\u003Cbr\u003E75a8f1b45e1d scsi: target: tcmu: Optimize use of flush_dcache_page\u003Cbr\u003E1981211d3dde scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5T8FD | ab099ea95a3a signal: fix deadlock caused by calling printk() under sighand-\u003Esiglock\u003Cbr\u003E027e26382a0e mm: fix missing handler for __GFP_NOWARN\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5SDUS | 7a3eccfa7ba9 KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog\u003Cbr\u003Eacb48d9d3483 KVM: x86: Adjust counter sample period after a wrmsr\u003Cbr\u003E83462301034e KVM: x86: Fix perfctr WRMSR for running counters\u003Cbr\u003E1dffed71ef36 perf/core: Provide a kernel-internal interface to recalibrate event period\u003Cbr\u003E0f1d33872aa3 media: em28xx: initialize refcount before kref_get\u003Cbr\u003Eb2297d934bcb mm: avoid potential deadlock tirgged by writing slab-attr-file\u003Cbr\u003Eae52ee4a8aeb ext4: fix use-after-free in ext4_ext_shift_extents\u003Cbr\u003Ef66997d9c183 quota: Add more checking after reading from quota file\u003Cbr\u003E1e9a49cfcc71 quota: Replace all block number checking with helper function\u003Cbr\u003E6c27d754cb5c quota: Check next/prev free block number after reading from quota file\u003Cbr\u003E27dfef318fd3 efi: capsule-loader: Fix use-after-free in efi_capsule_write\u003Cbr\u003E4b633c1e6d87 ipvlan: Fix out-of-bound bugs caused by unset skb-\u003Emac_header\u003Cbr\u003E89f5304b5bae mm/sharepool: Fix UAF reported by KASAN\u003Cbr\u003E9c7724ae4407 blk-mq: avoid extending delays of active hctx from blk_mq_delay_run_hw_queues\u003Cbr\u003Ef8f0da00a369 mm: mem_reliable: Start fallback if no suitable zone found\u003Cbr\u003E788ab096d688 net: hns3: update hns3 version to 22.9.2\u003Cbr\u003Ed494389a95f3 net: hns3: fix error resume keep alive when remove hclgevf\u003Cbr\u003E9d5f9988f3a7 perf bench futex-wake: Restore thread count default to online CPU count\u003Cbr\u003E8ea16c0e0012 selftests/bpf: Enlarge select() timeout for test_maps\u003Cbr\u003E861697b170c1 xfs: preserve default grace interval during quotacheck\u003Cbr\u003Ef04ab3c82886 i40e: Fix kernel crash during module removal\u003Cbr\u003E77ffc4652a7d i40e: Fix use-after-free in i40e_client_subtask()\u003Cbr\u003E7b3c334c3700 EDAC: skx_common: downgrade message importance on missing PCI device\u003Cbr\u003Ea4ee022d8e1c x86/entry/64: Don't compile ignore_sysret if 32-bit emulation is enabled\u003Cbr\u003E99b180a1d71f x86: Fix early boot crash on gcc-10, third try\u003Cbr\u003Ee38b3c916003 objtool: Don't fail on missing symbol table\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5QSAP | 9d5f9988f3a7 perf bench futex-wake: Restore thread count default to online CPU count\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5QR5E | 8ea16c0e0012 selftests/bpf: Enlarge select() timeout for test_maps\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5RTF5 | 861697b170c1 xfs: preserve default grace interval during quotacheck\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5RZPX | f04ab3c82886 i40e: Fix kernel crash during module removal\u003Cbr\u003E77ffc4652a7d i40e: Fix use-after-free in i40e_client_subtask()\u003Cbr\u003E |\r\n|     bugzilla: https://gitee.com/openeuler/kernel/issues/I5Q0UG | 7b3c334c3700 EDAC: skx_common: downgrade message importance on missing PCI device\u003Cbr\u003E |\r\n\r\n# 2CVE\r\n-------\r\n| CVE | issue |\r\n|:---:|:-----:|\r\n| CVE-2022-1184 | #I58WSQ |\r\n| CVE-2022-2663 | #I5OWZ7 |\r\n| CVE-2022-3303 | #I5T9C3 |\r\n","author":{"name":"Qiuuuuu","username":"qiuuuuu","path":"/qiuuuuu","avatar_url":"no_portrait.png#Qiuuuuu-qiuuuuu"},"attach_files":[],"zip_download_url":"/openeuler/kernel/releases/tag/4.19.90-2210.1.0.zip","tar_download_url":"/openeuler/kernel/releases/tag/4.19.90-2210.1.0.tar.gz"}}}