[kernel] r4879 - dists/sid/linux-2.6/debian dists/sid/linux-2.6/debian/patches-debian patch-tracking

Simon Horman horms at costa.debian.org
Thu Nov 24 07:27:52 UTC 2005 

Author: horms
Date: Thu Nov 24 07:27:49 2005
New Revision: 4879

Added:
   dists/sid/linux-2.6/debian/patches-debian/ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch
   patch-tracking/ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch
      - copied, changed from r4876, patch-tracking/00boilerplate
Modified:
   dists/sid/linux-2.6/debian/changelog
Log:
[SECURITY] ctnetlink: Fix oops when no ICMP ID info in message (local DoS)

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Thu Nov 24 07:27:49 2005
@@ -12,8 +12,11 @@
     [SECURITY] 32bit integer overflow in invalidate_inode_pages2() (local DoS)
   * ctnetlink-check-if-protoinfo-is-present.patch
     [SECURITY] ctnetlink: check if protoinfo is present (local DoS)
+  * ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch
+    [SECURITY] ctnetlink: Fix oops when no ICMP ID info in message (local DoS)
+    
 
- -- Simon Horman <horms at debian.org>  Thu, 24 Nov 2005 16:14:27 +0900
+ -- Simon Horman <horms at debian.org>  Thu, 24 Nov 2005 16:22:33 +0900
 
 linux-2.6 (2.6.14-3) unstable; urgency=low
 

Added: dists/sid/linux-2.6/debian/patches-debian/ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch	Thu Nov 24 07:27:49 2005
@@ -0,0 +1,30 @@
+commit 439a9994bb6ae3c7cab1f0b776bca6bc7aa58a11
+tree f4d99b79ea24ec2b9c65165d0c4528058cee1f35
+parent a856a19a9f3ee14fc0d555470f3af138aeb0245c
+author Krzysztof Piotr Oledzki <ole at ans.pl> Wed, 09 Nov 2005 13:04:08 -0800
+committer David S. Miller <davem at davemloft.net> Wed, 09 Nov 2005 13:04:08 -0800
+
+    [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message
+    
+    This patch fixes an userspace triggered oops. If there is no ICMP_ID
+    info the reference to attr will be NULL.
+    
+    Signed-off-by: Krzysztof Piotr Oledzki <ole at ans.pl>
+    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+    Signed-off-by: Harald Welte <laforge at netfilter.org>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+index 9481d15..083951e 100644
+--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
++++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+@@ -296,7 +296,8 @@ static int icmp_nfattr_to_tuple(struct n
+ 				struct ip_conntrack_tuple *tuple)
+ {
+ 	if (!tb[CTA_PROTO_ICMP_TYPE-1]
+-	    || !tb[CTA_PROTO_ICMP_CODE-1])
++	    || !tb[CTA_PROTO_ICMP_CODE-1]
++	    || !tb[CTA_PROTO_ICMP_ID-1])
+ 		return -1;
+ 
+ 	tuple->dst.u.icmp.type = 

Copied: patch-tracking/ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch (from r4876, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch	Thu Nov 24 07:27:49 2005
@@ -1,16 +1,20 @@
-Candidate: 
-References: 
+Candidate: needed
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=439a9994bb6ae3c7cab1f0b776bca6bc7aa58a11
 Description: 
+ [NETFILTER] ctnetlink: Fix oops when no ICMP ID info in message
+ .
+ This patch fixes an userspace triggered oops. If there is no ICMP_ID
+ info the reference to attr will be NULL.
 Notes: 
 Bugs: 
-upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
+upstream: 2.6.15-rc1
+2.6.14: pending (2.6.14-1)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

More information about the Kernel-svn-changes mailing list