[Glibc-bsd-commits] r5706 - in branches/wheezy/kfreebsd-9/debian: . patches

stevenc-guest at alioth.debian.org stevenc-guest at alioth.debian.org
Thu Apr 16 21:51:47 UTC 2015


Author: stevenc-guest
Date: 2015-04-16 21:51:47 +0000 (Thu, 16 Apr 2015)
New Revision: 5706

Added:
   branches/wheezy/kfreebsd-9/debian/patches/SA-15_09.ipv6.patch
Modified:
   branches/wheezy/kfreebsd-9/debian/changelog
   branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Pick SVN r281231 from FreeBSD 9-STABLE to fix:
- SA-15:09: Denial of Service with IPv6 Router Advertisements
  (CVE-2015-2923) (Closes: #782735)


Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-9/debian/changelog	2015-04-16 21:49:04 UTC (rev 5705)
+++ branches/wheezy/kfreebsd-9/debian/changelog	2015-04-16 21:51:47 UTC (rev 5706)
@@ -3,6 +3,8 @@
   * Pick SVN r281231 from FreeBSD 9-STABLE to fix:
     - SA-15:04: integer overflow in IGMP protocol (CVE-2015-1414)
       updated patch from advisory revision 1.1 (Closes: #779201)
+    - SA-15:09: Denial of Service with IPv6 Router Advertisements
+      (CVE-2015-2923) (Closes: #782735)
 
  -- Steven Chamberlain <steven at pyro.eu.org>  Thu, 16 Apr 2015 21:45:05 +0000
 

Added: branches/wheezy/kfreebsd-9/debian/patches/SA-15_09.ipv6.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/SA-15_09.ipv6.patch	                        (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/SA-15_09.ipv6.patch	2015-04-16 21:51:47 UTC (rev 5706)
@@ -0,0 +1,28 @@
+Description:
+ Fix Denial of Service with IPv6 Router Advertisements [SA-15:09] (CVE-2015-2923)
+Origin: vendor, https://security.FreeBSD.org/patches/SA-15:09/ipv6.patch
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:09.ipv6.asc
+Bug-Debian: https://bugs.debian.org/782735
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=281231
+
+--- a/sys/netinet6/nd6_rtr.c
++++ b/sys/netinet6/nd6_rtr.c
+@@ -293,8 +293,16 @@
+ 	}
+ 	if (nd_ra->nd_ra_retransmit)
+ 		ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
+-	if (nd_ra->nd_ra_curhoplimit)
+-		ndi->chlim = nd_ra->nd_ra_curhoplimit;
++	if (nd_ra->nd_ra_curhoplimit) {
++		if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
++			ndi->chlim = nd_ra->nd_ra_curhoplimit;
++		else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
++			log(LOG_ERR, "RA with a lower CurHopLimit sent from "
++			    "%s on %s (current = %d, received = %d). "
++			    "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
++			    if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
++		}
++	}
+ 	dr = defrtrlist_update(&dr0);
+     }
+ 
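Review bot: the log(LOG_ERR, ...) call in the new else-if branch of the nd_ra_curhoplimit check runs once for every Router Advertisement that carries a lower CurHopLimit, and no rate limit is visible in the hunk. A sender that could previously lower ndi->chlim can now fill the system log instead, so consider rate-limiting the message or demoting it from LOG_ERR. The hunk also makes ndi->chlim increase-only: `if (ndi->chlim < nd_ra->nd_ra_curhoplimit)` accepts a raise, while a router that legitimately lowers its advertised hop limit is ignored. The Description field should state this, since it is an operator-visible behaviour change. On style, the DEP-3 header leaves the `Description:` line empty and puts the summary on the continuation line; move the summary up to the first line. Please also confirm that ip6bufs, ip6 and ifp are in scope at this point in the 9-STABLE nd6_rtr.c, since none of them is declared in the visible context.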

Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series	2015-04-16 21:49:04 UTC (rev 5705)
+++ branches/wheezy/kfreebsd-9/debian/patches/series	2015-04-16 21:51:47 UTC (rev 5706)
@@ -25,6 +25,7 @@
 SA-14_22.namei.patch
 SA-14_25.setlogin.patch
 SA-15_04.igmp.patch
+SA-15_09.ipv6.patch
 
 # Other patches that might or might not be mergeable
 001_misc.diff



