ELBA-2024-6174

ELBA-2024-6174 - libnftnl bug fix update

Type:BUG
Severity:NA
Release Date:2024-09-03

Description


[[1.2.6-4.el9]]
- Bump release for side-tag build with fixed libmnl (Phil Sutter) [RHEL-28515]

[[1.2.6-3.el9]]
- tests: Fix objref test case (Phil Sutter) [RHEL-28515]
- expr: Respect data_len when setting attributes (Phil Sutter) [RHEL-28515]
- obj: Respect data_len when setting attributes (Phil Sutter) [RHEL-28515]
- utils: Introduce and use nftnl_set_str_attr() (Phil Sutter) [RHEL-28515]
- obj: Enforce attr_policy compliance in nftnl_obj_set_data() (Phil Sutter) [RHEL-28515]
- obj: Introduce struct obj_ops::attr_policy (Phil Sutter) [RHEL-28515]
- obj: Call obj_ops::set with legal attributes only (Phil Sutter) [RHEL-28515]
- obj: Repurpose struct obj_ops::max_attr field (Phil Sutter) [RHEL-28515]
- obj: Return value on setters (Phil Sutter) [RHEL-28515]
- object: getters take const struct (Phil Sutter) [RHEL-28515]
- utils: Fix for wrong variable use in nftnl_assert_validate() (Phil Sutter) [RHEL-28515]
- obj: synproxy: Use memcpy() to handle potentially unaligned data (Phil Sutter) [RHEL-28515]
- obj: Do not call nftnl_obj_set_data() with zero data_len (Phil Sutter) [RHEL-28515]
- table: Validate NFTNL_TABLE_OWNER, too (Phil Sutter) [RHEL-28515]
- set: Validate NFTNL_SET_ID, too (Phil Sutter) [RHEL-28515]
- obj: Validate NFTNL_OBJ_TYPE, too (Phil Sutter) [RHEL-28515]
- flowtable: Validate NFTNL_FLOWTABLE_SIZE, too (Phil Sutter) [RHEL-28515]
- table: Validate NFTNL_TABLE_USE, too (Phil Sutter) [RHEL-28515]
- chain: Validate NFTNL_CHAIN_USE, too (Phil Sutter) [RHEL-28515]
- expr: Enforce attr_policy compliance in nftnl_expr_set() (Phil Sutter) [RHEL-28515]
- expr: Introduce struct expr_ops::attr_policy (Phil Sutter) [RHEL-28515]
- include: Sync nf_log.h with kernel headers (Phil Sutter) [RHEL-28515]
- expr: Call expr_ops::set with legal types only (Phil Sutter) [RHEL-28515]
- expr: Repurpose struct expr_ops::max_attr field (Phil Sutter) [RHEL-28515]
- udata: incorrect userdata buffer size validation (Phil Sutter) [RHEL-28515]
- obj: ct_timeout: setter checks for timeout array boundaries (Phil Sutter) [RHEL-28515]
- set_elem: use nftnl_data_cpy() in NFTNL_SET_ELEM_{KEY,KEY_END,DATA} (Phil Sutter) [RHEL-28515]
- set: buffer overflow in NFTNL_SET_DESC_CONCAT setter (Phil Sutter) [RHEL-28515]
- expr: fix buffer overflows in data value setters (Phil Sutter) [RHEL-28515]




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) libnftnl-1.2.6-4.el9_4.src.rpm8b5d4b24d717a3acb8e953a0e40ae1cb-ol9_aarch64_baseos_latest
libnftnl-1.2.6-4.el9_4.src.rpm8b5d4b24d717a3acb8e953a0e40ae1cb-ol9_aarch64_codeready_builder
libnftnl-1.2.6-4.el9_4.src.rpm8b5d4b24d717a3acb8e953a0e40ae1cb-ol9_aarch64_u4_baseos_patch
libnftnl-1.2.6-4.el9_4.aarch64.rpm0370c6405346556f591481e38e94a70a-ol9_aarch64_baseos_latest
libnftnl-1.2.6-4.el9_4.aarch64.rpm0370c6405346556f591481e38e94a70a-ol9_aarch64_u4_baseos_patch
libnftnl-devel-1.2.6-4.el9_4.aarch64.rpm814b8f3f1607fd4b9ab05e3605f9eeab-ol9_aarch64_codeready_builder
Oracle Linux 9 (x86_64) libnftnl-1.2.6-4.el9_4.src.rpm8b5d4b24d717a3acb8e953a0e40ae1cb-ol9_x86_64_baseos_latest
libnftnl-1.2.6-4.el9_4.src.rpm8b5d4b24d717a3acb8e953a0e40ae1cb-ol9_x86_64_codeready_builder
libnftnl-1.2.6-4.el9_4.src.rpm8b5d4b24d717a3acb8e953a0e40ae1cb-ol9_x86_64_u4_baseos_patch
libnftnl-1.2.6-4.el9_4.i686.rpme8a8b072355905655626a123e590c6f0-ol9_x86_64_baseos_latest
libnftnl-1.2.6-4.el9_4.i686.rpme8a8b072355905655626a123e590c6f0-ol9_x86_64_u4_baseos_patch
libnftnl-1.2.6-4.el9_4.x86_64.rpm591a64ad202a849b617410729a68aa3e-ol9_x86_64_baseos_latest
libnftnl-1.2.6-4.el9_4.x86_64.rpm591a64ad202a849b617410729a68aa3e-ol9_x86_64_u4_baseos_patch
libnftnl-devel-1.2.6-4.el9_4.i686.rpmbde7771f6150f4af30e2d220ace309fd-ol9_x86_64_codeready_builder
libnftnl-devel-1.2.6-4.el9_4.x86_64.rpm3b87b5fe6e5f96012945f0d7f6d71e46-ol9_x86_64_codeready_builder


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete