[Glibc-bsd-commits] r5704 - in branches/wheezy/kfreebsd-9/debian: . patches
stevenc-guest at alioth.debian.org
Thu Apr 16 21:48:09 UTC 2015
Author: stevenc-guest
Date: 2015-04-16 21:48:09 +0000 (Thu, 16 Apr 2015)
New Revision: 5704
Added:
branches/wheezy/kfreebsd-9/debian/patches/SA-15_04.igmp.patch
Modified:
branches/wheezy/kfreebsd-9/debian/changelog
branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Pick SVN r281231 from FreeBSD 9-STABLE to fix:
- SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
updated patch from advisory revision 1.1 (Closes: #779201)
Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-9/debian/changelog 2015-04-07 22:51:40 UTC (rev 5703)
+++ branches/wheezy/kfreebsd-9/debian/changelog 2015-04-16 21:48:09 UTC (rev 5704)
@@ -1,3 +1,11 @@
+kfreebsd-9 (9.0-10+deb70.10) UNRELEASED; urgency=high
+
+ * Pick SVN r281231 from FreeBSD 9-STABLE to fix:
+ - SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
+ updated patch from advisory revision 1.1 (Closes: #779201)
+
+ -- Steven Chamberlain <steven at pyro.eu.org> Thu, 16 Apr 2015 21:45:05 +0000
+
kfreebsd-9 (9.0-10+deb70.9) wheezy-security; urgency=medium
* Upstream patch for FreeBSD-SA-15:04.igmp / CVE-2015-1414 (Closes: #779201)
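Review bot: the new 9.0-10+deb70.10 entry repeats "Closes: #779201", which the 9.0-10+deb70.9 entry directly below it already carries for the same advisory, and it does not say that it supersedes that earlier fix. Suggest stating in the entry that the patch from advisory revision 1.1 replaces the previous one (the series change in this commit drops svn279263-FreeBSD-SA-15:04.igmp), so a reader of the changelog can tell the 9.0-10+deb70.9 fix was incomplete rather than merely re-applied.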
Added: branches/wheezy/kfreebsd-9/debian/patches/SA-15_04.igmp.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/SA-15_04.igmp.patch (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/SA-15_04.igmp.patch 2015-04-16 21:48:09 UTC (rev 5704)
@@ -0,0 +1,41 @@
+Description:
+ Fix integer overflow in IGMP protocol [SA-15:04] (CVE-2015-1414)
+ .
+ Updated patch from advisory revision 1.1
+Origin: vendor, https://security.FreeBSD.org/patches/SA-15:04/igmp-errata.patch
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
+Bug-Debian: https://bugs.debian.org/779201
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=281231
+
+--- a/sys/netinet/igmp.c
++++ b/sys/netinet/igmp.c
+@@ -1532,8 +1532,7 @@
+ case IGMP_VERSION_3: {
+ struct igmpv3 *igmpv3;
+ uint16_t igmpv3len;
+- uint16_t srclen;
+- int nsrc;
++ uint16_t nsrc;
+
+ IGMPSTAT_INC(igps_rcv_v3_queries);
+ igmpv3 = (struct igmpv3 *)igmp;
+@@ -1541,8 +1540,8 @@
+ * Validate length based on source count.
+ */
+ nsrc = ntohs(igmpv3->igmp_numsrc);
+- srclen = sizeof(struct in_addr) * nsrc;
+- if (nsrc * sizeof(in_addr_t) > srclen) {
++ if (nsrc * sizeof(in_addr_t) >
++ UINT16_MAX - iphlen - IGMP_V3_QUERY_MINLEN) {
+ IGMPSTAT_INC(igps_rcv_tooshort);
+ return;
+ }
+@@ -1551,7 +1550,7 @@
+ * this scope.
+ */
+ igmpv3len = iphlen + IGMP_V3_QUERY_MINLEN +
+- srclen;
++ sizeof(struct in_addr) * nsrc;
+ if ((m->m_flags & M_EXT ||
+ m->m_len < igmpv3len) &&
+ (m = m_pullup(m, igmpv3len)) == NULL) {
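Review bot: in the embedded igmp.c change, the new bound at -1541 multiplies nsrc by sizeof(in_addr_t), while the length it is protecting at -1551 is computed with sizeof(struct in_addr) * nsrc. The check only guarantees that the uint16_t igmpv3len cannot wrap if both sizes are equal, so using the same expression in both places would make that evident from the code itself. The right-hand side, UINT16_MAX - iphlen - IGMP_V3_QUERY_MINLEN, also depends on iphlen, whose declaration is not in the visible context; it is worth confirming that it cannot push that side negative before the comparison against an unsigned product. A smaller point: the rejection path still increments igps_rcv_tooshort under the unchanged comment "Validate length based on source count", although the packet is now rejected because the source count is too large, so a one-line comment there would help.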
Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series 2015-04-07 22:51:40 UTC (rev 5703)
+++ branches/wheezy/kfreebsd-9/debian/patches/series 2015-04-16 21:48:09 UTC (rev 5704)
@@ -24,6 +24,7 @@
SA-14_17.kern.patch
SA-14_22.namei.patch
SA-14_25.setlogin.patch
+SA-15_04.igmp.patch
# Other patches that might or might not be mergeable
001_misc.diff
@@ -59,4 +60,3 @@
950_no_stack_protector.diff
999_config.diff
999_firmware.diff
-svn279263-FreeBSD-SA-15:04.igmp
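Review bot: this hunk removes svn279263-FreeBSD-SA-15:04.igmp from the series, but the commit header lists only "Added:" and "Modified:" paths, so the old patch file appears to stay in debian/patches with nothing referencing it. Suggest deleting that file in the same revision so that it cannot be re-added to the series by mistake alongside SA-15_04.igmp.patch. Note also that the replacement is now applied in the SA-* group ahead of 001_misc.diff instead of last in the series, which is worth confirming with a clean run of the whole series.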