Bugzilla – Bug 963931
VUL-0: CVE-2015-8787: kernel: Missing NULL pointer check in nf_nat_redirect_ipv4
Last modified: 2016-11-17 21:24:03 UTC
CVE-2015-8787 https://lkml.org/lkml/2015/12/2/618 Commit 8b13eddfdf04cbfa561725cfc42d6868fe896f56 ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") introduced a crash, fixed by 94f9cd81436c85d8c3a318ba92e236ede73752fc References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8787 http://seclists.org/oss-sec/2016/q1/226 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8787.html
(In reply to Johannes Segitz from comment #0) > CVE-2015-8787 > > https://lkml.org/lkml/2015/12/2/618 > > Commit 8b13eddfdf04cbfa561725cfc42d6868fe896f56 ("netfilter: refactor NAT > redirect IPv4 to use it from nf_tables") introduced a crash introduced in 3.19 and hasn't been backported to any TD branch so those are not affected.
bugbot adjusting priority
Neither has been 8b13eddfdf04 backported to any other SLE or openSUSE branch so that only openSUSE-42.1 should be affected (master and stable are already on 4.4). Going to recheck and add the fix to openSUSE-42.1.
The fix is in openSUSE-42.1 branch now and no other SLE or openSUSE branch is affected (mainline was fixed in 4.4-rc1). Closing and reassigning back to Security team.
openSUSE-SU-2016:1008-1: An update that solves 15 vulnerabilities and has 26 fixes is now available. Category: security (important) Bug References: 814440,884701,949936,951440,951542,951626,951638,953527,954018,954404,954405,954876,958439,958463,958504,959709,960561,960563,960710,961263,961500,961509,962257,962866,962977,963746,963765,963767,963931,965125,966137,966179,966259,966437,966684,966693,968018,969356,969582,970845,971125 CVE References: CVE-2015-1339,CVE-2015-7799,CVE-2015-7872,CVE-2015-7884,CVE-2015-8104,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8787,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2184,CVE-2016-2383,CVE-2016-2384 Sources used: openSUSE Leap 42.1 (src): kernel-debug-4.1.20-11.1, kernel-default-4.1.20-11.1, kernel-docs-4.1.20-11.3, kernel-ec2-4.1.20-11.1, kernel-obs-build-4.1.20-11.2, kernel-obs-qa-4.1.20-11.1, kernel-obs-qa-xen-4.1.20-11.1, kernel-pae-4.1.20-11.1, kernel-pv-4.1.20-11.1, kernel-source-4.1.20-11.1, kernel-syms-4.1.20-11.1, kernel-vanilla-4.1.20-11.1, kernel-xen-4.1.20-11.1
This is an autogenerated message for OBS integration: This bug (963931) was mentioned in https://build.opensuse.org/request/show/423661 42.1 / kernel-source
openSUSE-SU-2016:2290-1: An update that solves 17 vulnerabilities and has 9 fixes is now available. Category: security (important) Bug References: 963931,970948,971126,971360,974266,978821,978822,979018,979213,979879,980371,981058,981267,986362,986365,986570,987886,989084,989152,989176,990058,991110,991608,991665,994296,994520 CVE References: CVE-2015-8787,CVE-2016-1237,CVE-2016-2847,CVE-2016-3134,CVE-2016-3156,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4951,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828 Sources used: openSUSE Leap 42.1 (src): drbd-8.4.6-8.1, hdjmod-1.28-24.1, ipset-6.25.1-5.1, kernel-debug-4.1.31-30.2, kernel-default-4.1.31-30.2, kernel-docs-4.1.31-30.3, kernel-ec2-4.1.31-30.2, kernel-obs-build-4.1.31-30.3, kernel-obs-qa-4.1.31-30.1, kernel-obs-qa-xen-4.1.31-30.1, kernel-pae-4.1.31-30.2, kernel-pv-4.1.31-30.2, kernel-source-4.1.31-30.1, kernel-syms-4.1.31-30.1, kernel-vanilla-4.1.31-30.2, kernel-xen-4.1.31-30.2, lttng-modules-2.7.0-2.1, pcfclock-0.44-266.1, vhba-kmp-20140928-5.1