Bug 1428684

Summary: RFE: Backport of ICMP ratelimit fixes.
Product: Red Hat Enterprise Linux 7 Reporter: Wade Mealing <wmealing>
Component: kernelAssignee: Sabrina Dubroca <sdubroca>
kernel sub component: Networking QA Contact: Jianlin Shi <jishi>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: atragler, fweimer, jbrouer, jiji, jpirko, kzhang, lxin, mleitner, sukulkar, tgraf
Version: 7.4Keywords: FutureFeature
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: kernel-3.10.0-647.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-02 05:47:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Wade Mealing 2017-03-03 06:51:49 UTC 
Description of problem:

As per discussion with Jesper Dangaard Brouer, he suggests that we need to backport specific fixes to reduce the icmp_send() ratelimit, which in turn has an affect on CVE-2017-5972 ( https://bugzilla.redhat.com/show_bug.cgi?id=1422081 ).

Version-Release number of selected component (if applicable):

Current RHEL 7.

Required backports:

 https://git.kernel.org/davem/net-next/c/9f2f27a9a518c
 https://git.kernel.org/davem/net-next/c/7ba91ecb16824
 https://git.kernel.org/davem/net-next/c/c0303efeab739
 https://git.kernel.org/davem/net-next/c/8d9ba388f35b3

I have not tested these, this is not considered a security flaw but a reccomended hardening fix.

Thanks,

Wade Mealing
Red Hat Product Security.
Comment 4 Rafael Aquini 2017-04-10 16:50:41 UTC 
Patch(es) committed on kernel repository and an interim kernel build is undergoing testing
Comment 6 Rafael Aquini 2017-04-11 15:07:41 UTC 
Patch(es) available on kernel-3.10.0-647.el7
Comment 8 Jianlin Shi 2017-05-11 06:31:45 UTC 
related test passed:

https://beaker.engineering.redhat.com/jobs/1851885
Comment 9 Florian Weimer 2017-06-14 06:32:47 UTC 
This changes introduces a regression, see bug 1461282.
Comment 11 errata-xmlrpc 2017-08-02 05:47:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1842