ELBA-2023-6709
- ULN >
- Oracle Linux Errata repository >
- ELBA-2023-6709
ELBA-2023-6709 - nftables bug fix and enhancement update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2023-11-11 |
Description
[[1.0.4-11.el9]]
- rule: check address family in set collapse (Phil Sutter) [RHEL-5908]
- spec: Rename variables to avoid a clash (Phil Sutter) [INTERNAL]
[[1.0.4-10.el9]]
- netlink_delinearize: Sanitize concat data element decoding (Phil Sutter) [2160049]
- optimize: Clarify chain_optimize() array allocations (Phil Sutter) [2160049]
- optimize: Do not return garbage from stack (Phil Sutter) [2160049]
- netlink: Fix for potential NULL-pointer deref (Phil Sutter) [2160049]
- meta: parse_iso_date() returns boolean (Phil Sutter) [2160049]
- mnl: dump_nf_hooks() leaks memory in error path (Phil Sutter) [2160049]
- owner: Fix potential array out of bounds access (Phil Sutter) [2160049]
[[1.0.4-9.el9]]
- tests: add a test case for map update from packet path with concat (Phil Sutter) [2094894]
- netlink_linearize: fix timeout with map updates (Phil Sutter) [2094894]
- netlink_delinearize: fix decoding of concat data element (Phil Sutter) [2094894]
[[1.0.4-8.el9]]
- monitor: Sanitize startup race condition (Phil Sutter) [2130721]
- evaluate: set eval ctx for add/update statements with integer constants (Phil Sutter) [2094894]
- src: allow anon set concatenation with ether and vlan (Phil Sutter) [2094887]
- evaluate: search stacked header list for matching payload dep (Phil Sutter) [2094887]
- netlink_delinearize: also postprocess OP_AND in set element context (Phil Sutter) [2094887]
- tests: add a test case for ether and vlan listing (Phil Sutter) [2094887]
- debug: dump the l2 protocol stack (Phil Sutter) [2094887]
- proto: track full stack of seen l2 protocols, not just cumulative offset (Phil Sutter) [2094887]
- netlink_delinearize: postprocess binary ands in concatenations (Phil Sutter) [2094887]
- netlink_delinearize: allow postprocessing on concatenated elements (Phil Sutter) [2094887]
- intervals: check for EXPR_F_REMOVE in case of element mismatch (Phil Sutter) [2115627]
- intervals: fix crash when trying to remove element in empty set (Phil Sutter) [2115627]
- scanner: don't pop active flex scanner scope (Phil Sutter) [2113874]
- parser: add missing synproxy scope closure (Phil Sutter) [2113874]
- tests/py: Add a test for failing ipsec after counter (Phil Sutter) [2113874]
- doc: Document limitations of ipsec expression with xfrm_interface (Phil Sutter) [1806431]
[[1.0.4-7.el9]]
- One more attempt at fixing expected error records (Phil Sutter) [1973687]
[[1.0.4-6.el9]]
- Realy fix expected error records (Phil Sutter) [1973687]
[[1.0.4-5.el9]]
- Fix expected error records (Phil Sutter) [1973687]
[[1.0.4-4.el9]]
- Add expected error records for testsuite runs (Phil Sutter) [1973687]
[[1.0.4-3.el9]]
- Prevent port-shadow attacks in sample nat config (Phil Sutter) [2061940]
[[1.0.4-2.el9]]
- intervals: Do not sort cached set elements over and over again (Phil Sutter) [1917398]
- intervals: do not empty cache for maps (Phil Sutter) [1917398]
- intervals: do not report exact overlaps for new elements (Phil Sutter) [1917398]
- rule: collapse set element commands (Phil Sutter) [1917398]
- tests: shell: runtime set element automerge (Phil Sutter) [1917398]
[1:1.0.4-1]
- Review package dependencies
- new version 1.0.4
[1:0.9.8-13]
- tests: extend dtype test case to cover expression with integer type
- evaluate: set evaluation context for set elements
[1:0.9.8-12]
- evaluate: pick data element byte order, not dtype one
[1:0.9.8-11]
- tests: py: add dnat to port without defining destination address
- evaluate: fix inet nat with no layer 3 info
- include: missing sctp_chunk.h in Makefile.am
- exthdr: Implement SCTP Chunk matching
- scanner: sctp: Move to own scope
- scanner: introduce start condition stack
- json: Simplify non-tcpopt exthdr printing a bit
[1:0.9.8-10]
- tests: shell: better parameters for the interval stack overflow test
- tests: shell: needs to be invoked unquoted
[1:0.9.8-9]
- doc: nft.8: Extend monitor description by trace
[1:0.9.8-8]
- tests: cover baecd1cf2685 ('segtree: Fix segfault when restoring a huge interval set')
- segtree: Fix segfault when restoring a huge interval set
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | nftables-1.0.4-11.el9_3.src.rpm | 634c7915035f419ed4651421d282acd76f88157f9701037745d06a5a525aba94 | - | ol9_aarch64_baseos_latest |
| nftables-1.0.4-11.el9_3.src.rpm | 634c7915035f419ed4651421d282acd76f88157f9701037745d06a5a525aba94 | - | ol9_aarch64_codeready_builder | |
| nftables-1.0.4-11.el9_3.src.rpm | 634c7915035f419ed4651421d282acd76f88157f9701037745d06a5a525aba94 | - | ol9_aarch64_u3_baseos_base | |
| nftables-1.0.4-11.el9_3.aarch64.rpm | c7e1d939b2779d66af1b2c5ceba18643c6e8c97a727eed7b717ace9dcc1fab02 | - | ol9_aarch64_baseos_latest | |
| nftables-1.0.4-11.el9_3.aarch64.rpm | c7e1d939b2779d66af1b2c5ceba18643c6e8c97a727eed7b717ace9dcc1fab02 | - | ol9_aarch64_u3_baseos_base | |
| nftables-devel-1.0.4-11.el9_3.aarch64.rpm | 0a6116337b36066af5f4512976d5d0c8c629d9629660c57f6256fedb64744429 | - | ol9_aarch64_codeready_builder | |
| python3-nftables-1.0.4-11.el9_3.aarch64.rpm | e1819f53f6656e37c850948c57fee3427f6024a1fa841fec7ca771343f6105c2 | - | ol9_aarch64_baseos_latest | |
| python3-nftables-1.0.4-11.el9_3.aarch64.rpm | e1819f53f6656e37c850948c57fee3427f6024a1fa841fec7ca771343f6105c2 | - | ol9_aarch64_u3_baseos_base | |
| Oracle Linux 9 (x86_64) | nftables-1.0.4-11.el9_3.src.rpm | 634c7915035f419ed4651421d282acd76f88157f9701037745d06a5a525aba94 | - | ol9_x86_64_baseos_latest |
| nftables-1.0.4-11.el9_3.src.rpm | 634c7915035f419ed4651421d282acd76f88157f9701037745d06a5a525aba94 | - | ol9_x86_64_codeready_builder | |
| nftables-1.0.4-11.el9_3.src.rpm | 634c7915035f419ed4651421d282acd76f88157f9701037745d06a5a525aba94 | - | ol9_x86_64_u3_baseos_base | |
| nftables-1.0.4-11.el9_3.i686.rpm | e84a0f0c327ce141a130a62fdb9f26fdfe30fca8cbd686af6bd7e01a137babfa | - | ol9_x86_64_baseos_latest | |
| nftables-1.0.4-11.el9_3.i686.rpm | e84a0f0c327ce141a130a62fdb9f26fdfe30fca8cbd686af6bd7e01a137babfa | - | ol9_x86_64_u3_baseos_base | |
| nftables-1.0.4-11.el9_3.x86_64.rpm | b994754ae2e1ac9ddb8f7f664e3fe21126e91c8969c10ffc360a92c9883cdac9 | - | ol9_x86_64_baseos_latest | |
| nftables-1.0.4-11.el9_3.x86_64.rpm | b994754ae2e1ac9ddb8f7f664e3fe21126e91c8969c10ffc360a92c9883cdac9 | - | ol9_x86_64_u3_baseos_base | |
| nftables-devel-1.0.4-11.el9_3.i686.rpm | 7b5336f2444cfaa99a2d1da6bad1ca7ac1760289056b8d1cc4c482b661eb75ad | - | ol9_x86_64_codeready_builder | |
| nftables-devel-1.0.4-11.el9_3.x86_64.rpm | 217cb2afd4f67aba983523214ec5a1d2d9a91221debd97c84bacf79eddb89cd5 | - | ol9_x86_64_codeready_builder | |
| python3-nftables-1.0.4-11.el9_3.x86_64.rpm | 8907d96a2d6c13f9feef8ed18fac77a61dc862bd300f1878c48dba4e1446d2b2 | - | ol9_x86_64_baseos_latest | |
| python3-nftables-1.0.4-11.el9_3.x86_64.rpm | 8907d96a2d6c13f9feef8ed18fac77a61dc862bd300f1878c48dba4e1446d2b2 | - | ol9_x86_64_u3_baseos_base | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
