[Glibc-bsd-commits] r4901 - in branches/wheezy/kfreebsd-9/debian: . patches
Steven Chamberlain
stevenc-guest at alioth.debian.org
Thu Aug 22 13:23:56 UTC 2013
Author: stevenc-guest
Date: 2013-08-22 13:23:56 +0000 (Thu, 22 Aug 2013)
New Revision: 4901
Added:
branches/wheezy/kfreebsd-9/debian/patches/SA-13_10.sctp.patch
Modified:
branches/wheezy/kfreebsd-9/debian/changelog
branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Fix a bug that could lead to kernel memory disclosure with
SCTP state cookie. [13:10] (CVE-2013-5209) (Closes: #720475)
Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-9/debian/changelog 2013-08-22 13:14:48 UTC (rev 4900)
+++ branches/wheezy/kfreebsd-9/debian/changelog 2013-08-22 13:23:56 UTC (rev 4901)
@@ -5,6 +5,8 @@
Incorrect privilege validation in the NFS server (Closes: #717958)
* Pick SVN 254629 from FreeBSD 9-STABLE to fix SA-13:09 / CVE-2013-3077:
integer overflow in IP_MSFILTER (Closes: #720468)
+ * Pick SVN 254352 from FreeBSD 9-STABLE to fix SA-13:10 / CVE-2013-5209:
+ Kernel memory disclosure in sctp(4) (Closes: #720475)
-- Steven Chamberlain <steven at pyro.eu.org> Thu, 22 Aug 2013 14:13:16 +0100
Added: branches/wheezy/kfreebsd-9/debian/patches/SA-13_10.sctp.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/SA-13_10.sctp.patch (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/SA-13_10.sctp.patch 2013-08-22 13:23:56 UTC (rev 4901)
@@ -0,0 +1,27 @@
+Description:
+ Fix a bug that could lead to kernel memory disclosure with
+ SCTP state cookie. [13:10] (CVE-2013-5209)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-13:10/sctp.patch
+Bug: http://security.FreeBSD.org/advisories/FreeBSD-SA-13:10.sctp.asc
+Bug-Debian: http://bugs.debian.org/720475
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=254352
+
+Index: kfreebsd-9-9.0/sys/netinet/sctp_output.c
+===================================================================
+--- kfreebsd-9-9.0.orig/sys/netinet/sctp_output.c 2011-11-27 19:13:45.000000000 +0000
++++ kfreebsd-9-9.0/sys/netinet/sctp_output.c 2013-08-22 13:56:33.325837810 +0100
+@@ -5451,6 +5451,14 @@
+ }
+ SCTP_BUF_LEN(m) = sizeof(struct sctp_init_chunk);
+
++ /*
++ * We might not overwrite the identification[] completely and on
++ * some platforms time_entered will contain some padding. Therefore
++ * zero out the cookie to avoid putting uninitialized memory on the
++ * wire.
++ */
++ memset(&stc, 0, sizeof(struct sctp_state_cookie));
++
+ /* the time I built cookie */
+ (void)SCTP_GETTIME_TIMEVAL(&stc.time_entered);
+
Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series 2013-08-22 13:14:48 UTC (rev 4900)
+++ branches/wheezy/kfreebsd-9/debian/patches/series 2013-08-22 13:23:56 UTC (rev 4901)
@@ -12,6 +12,7 @@
SA-13_06.mmap.patch
SA-13_08.nfsserver.patch
SA-13_09.ip_multicast.patch
+SA-13_10.sctp.patch
# Other patches that might or might not be mergeable
001_misc.diff
More information about the Glibc-bsd-commits
mailing list