[Glibc-bsd-commits] r5701 - in trunk/kfreebsd-10/debian: . patches
stevenc-guest at alioth.debian.org
Tue Apr 7 21:26:10 UTC 2015
Author: stevenc-guest
Date: 2015-04-07 21:26:10 +0000 (Tue, 07 Apr 2015)
New Revision: 5701
Added:
trunk/kfreebsd-10/debian/patches/SA-15_09.ipv6.patch
Modified:
trunk/kfreebsd-10/debian/changelog
trunk/kfreebsd-10/debian/patches/series
Log:
Fix Denial of Service with IPv6 Router Advertisements [SA-15:09] (CVE-2015-2923)
Modified: trunk/kfreebsd-10/debian/changelog
===================================================================
--- trunk/kfreebsd-10/debian/changelog 2015-04-07 21:16:45 UTC (rev 5700)
+++ trunk/kfreebsd-10/debian/changelog 2015-04-07 21:26:10 UTC (rev 5701)
@@ -1,8 +1,10 @@
kfreebsd-10 (10.1~svn274115-4) UNRELEASED; urgency=medium
- * Pick SVN SVN r281232 from FreeBSD 10.1-RELEASE to fix:
+ * Pick SVN r281232 from FreeBSD 10.1-RELEASE to fix:
- SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
updated patch from advisory revision 1.1 (Closes: #XXXXXX)
+ - SA-15:09: Denial of Service with IPv6 Router Advertisements
+ (CVE-2015-2923) (Closes: #XXXXXX)
-- Steven Chamberlain <steven at pyro.eu.org> Tue, 07 Apr 2015 22:13:19 +0100
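Review bot: The new SA-15:09 entry ends in the placeholder "(Closes: #XXXXXX)", the same placeholder the SA-15:04 entry above it still carries. Replace both with the real Debian bug numbers before the distribution is changed from UNRELEASED; otherwise the upload will not close any bug.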
Added: trunk/kfreebsd-10/debian/patches/SA-15_09.ipv6.patch
===================================================================
--- trunk/kfreebsd-10/debian/patches/SA-15_09.ipv6.patch (rev 0)
+++ trunk/kfreebsd-10/debian/patches/SA-15_09.ipv6.patch 2015-04-07 21:26:10 UTC (rev 5701)
@@ -0,0 +1,28 @@
+Description:
+ Fix Denial of Service with IPv6 Router Advertisements [SA-15:09] (CVE-2015-2923)
+Origin: vendor, https://security.FreeBSD.org/patches/SA-15:09/ipv6.patch
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc
+Bug-Debian: https://bugs.debian.org/XXXXXX
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=281232
+
+--- a/sys/netinet6/nd6_rtr.c
++++ b/sys/netinet6/nd6_rtr.c
+@@ -296,8 +296,16 @@
+ }
+ if (nd_ra->nd_ra_retransmit)
+ ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
+- if (nd_ra->nd_ra_curhoplimit)
+- ndi->chlim = nd_ra->nd_ra_curhoplimit;
++ if (nd_ra->nd_ra_curhoplimit) {
++ if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
++ ndi->chlim = nd_ra->nd_ra_curhoplimit;
++ else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
++ log(LOG_ERR, "RA with a lower CurHopLimit sent from "
++ "%s on %s (current = %d, received = %d). "
++ "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
++ if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
++ }
++ }
+ dr = defrtrlist_update(&dr0);
+ }
+
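Review bot: The log(LOG_ERR, ...) call in the new "else if" branch runs for every Router Advertisement whose CurHopLimit is lower than ndi->chlim, and no rate limit is visible in this hunk, so a host on the link that keeps sending such RAs can fill the kernel log at error priority. Consider a follow-up that throttles the message or lowers its priority, while keeping the vendor patch itself unmodified. With this logic ndi->chlim can only be raised by an RA, so a router that legitimately lowers its advertised hop limit is ignored and logged; that behaviour change deserves a sentence in the Description field. The Bug-Debian field in the header also still reads XXXXXX.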
Modified: trunk/kfreebsd-10/debian/patches/series
===================================================================
--- trunk/kfreebsd-10/debian/patches/series 2015-04-07 21:16:45 UTC (rev 5700)
+++ trunk/kfreebsd-10/debian/patches/series 2015-04-07 21:26:10 UTC (rev 5701)
@@ -42,3 +42,4 @@
SA-15_03.sctp.patch
SA-15_04.igmp.patch
EN-15_01.vt.patch
+SA-15_09.ipv6.patch