r4583 - people/horms/patch_notes/cve

Micah Anderson micah at costa.debian.org
Fri Oct 21 17:22:07 UTC 2005


Author: micah
Date: 2005-10-21 17:22:06 +0000 (Fri, 21 Oct 2005)
New Revision: 4583

Added:
   people/horms/patch_notes/cve/174_net-ipv4-netfilter-nat-mem.diff
   people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch
Modified:
   people/horms/patch_notes/cve/00boilerplate
   people/horms/patch_notes/cve/sys_get_thread_area-leak.dpatch
Log:
Added new patch (and symlink to 2.4 patch)
updated boilerplate to have Description format and 2.4 kernels
updated sys_get_thread to have proper 2.6.8-sarge16 version


Modified: people/horms/patch_notes/cve/00boilerplate
===================================================================
--- people/horms/patch_notes/cve/00boilerplate	2005-10-21 17:13:51 UTC (rev 4582)
+++ people/horms/patch_notes/cve/00boilerplate	2005-10-21 17:22:06 UTC (rev 4583)
@@ -5,16 +5,19 @@
 Candidate: ##NEEDED## | CAN-XXXX-XXXX | N/A
 Reference: CONFIRM:##URL## 
 Reference: MISC:##URL## 
-Description: ##NEEDED## dannf> can a single description work for the cve,
-                        dannf> the changelog, and the DSA?
-                        dannf> should this use debian/control style multiline?
-                        dannf> should we have a short description?
+Description: 
+ ##NEEDED## dannf> can a single description work for the cve,
+ dannf> the changelog, and the DSA?
+ dannf> should this use debian/control style multiline?
+ dannf> should we have a short description?
 
 Bug: [id, id, ...]
 fixed-upstream: [version(, version)*]
 2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
 2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
 2.6.8-sarge-security: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+2.4.27-sarge-security: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+woody kernels?
 ... one line for each currently maintained tree
 
 dannf> what does backported mean?  the patch didn't apply & needed munging,
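Review bot: the Description field now uses control-file style continuation lines (one leading space), which settles dannf's third question, but the questions themselves are still carried inside the field value instead of in the dannf> comment area below, and the new "woody kernels?" line is a bare note in a block where every other line is "tree: status"; anything that reads these notes field-by-field will trip on it. Suggest moving both down to the comment area and dropping the trailing space after "Description:" while here.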

Added: people/horms/patch_notes/cve/174_net-ipv4-netfilter-nat-mem.diff
===================================================================
--- people/horms/patch_notes/cve/174_net-ipv4-netfilter-nat-mem.diff	2005-10-21 17:13:51 UTC (rev 4582)
+++ people/horms/patch_notes/cve/174_net-ipv4-netfilter-nat-mem.diff	2005-10-21 17:22:06 UTC (rev 4583)
@@ -0,0 +1 @@
+link netfilter-NAT-memory-corruption.dpatch
\ No newline at end of file
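Review bot: the svn:special symlink names its target as a bare relative path, netfilter-NAT-memory-corruption.dpatch, so it only resolves while both files stay in people/horms/patch_notes/cve; and the 174_ prefix plus .diff suffix make this look like the 2.4 series patch itself, while the target is a notes file that contains no patch. A one-line note in the target saying which 2.4 patch the 174_ name corresponds to would avoid the confusion.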


Property changes on: people/horms/patch_notes/cve/174_net-ipv4-netfilter-nat-mem.diff
___________________________________________________________________
Name: svn:special
   + *

Added: people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch
===================================================================
--- people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch	2005-10-21 17:13:51 UTC (rev 4582)
+++ people/horms/patch_notes/cve/netfilter-NAT-memory-corruption.dpatch	2005-10-21 17:22:06 UTC (rev 4583)
@@ -0,0 +1,17 @@
+======================================================
+Candidate: CVE-2005-3275
+CONFIRM: http://linux.bkbits.net:8080/linux-2.6/cset@1.3596.79.34?nav=index.html|src/|src/net|src/net/ipv4|src/net/ipv4/netfilter|related/net/ipv4/netfilter/ip_nat_proto_udp.c
+Description: 
+ A potential memory corruption bug exists in the NAT code in Linux
+ kernels prior to 2.6.13 and 2.4.32-rc1.  The portptr pointing to the
+ port in the conntrack tuple is declared static, which could result in
+ memory corruption when two packets of the same protocol are NATed at
+ the same time and one conntrack goes away.  A malicious machine on the
+ same network could potentially use this to initiate a DoS attack.
+
+Bug: [id, id, ...]
+fixed-upstream: [2.6.12.3(, version)*]
+2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
+2.6.8-sarge-security: (pending [(2.6.8-16sarge2)]|released [(2.6.8-16sarge1)]|N/A)[, backported][, patch-name-used.diff]
+2.4.27-sarge-security: (pending [(2.4.27-10sarge1)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
\ No newline at end of file
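Review bot: the per-tree status lines keep both alternatives of the template grammar, "pending [(2.6.8-16sarge2)]|released [(2.6.8-16sarge1)]", so a reader cannot tell whether 2.6.8-16sarge1 already shipped this fix or it is waiting for 16sarge2; pick one and drop the rest, and likewise for the 2.4.27 line, which still carries "released [(version)]". The 2.6.13 and 2.6.12 lines are untouched template text even though fixed-upstream says 2.6.12.3 and the description says "prior to 2.6.13", so whether the 2.6.12 tree already carries the fix is not recorded, and "Bug:" is still the placeholder. The reference line is written as "CONFIRM: http..." where 00boilerplate specifies "Reference: CONFIRM:##URL##", and Candidate uses the CVE- prefix while the boilerplate still says CAN-XXXX-XXXX; align one with the other so the notes stay greppable with a single pattern.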

Modified: people/horms/patch_notes/cve/sys_get_thread_area-leak.dpatch
===================================================================
--- people/horms/patch_notes/cve/sys_get_thread_area-leak.dpatch	2005-10-21 17:13:51 UTC (rev 4582)
+++ people/horms/patch_notes/cve/sys_get_thread_area-leak.dpatch	2005-10-21 17:22:06 UTC (rev 4583)
@@ -12,4 +12,4 @@
 fixed-upstream: [2.6.12.4(, version)*]
 2.6.13: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
 2.6.12: (pending [(version)]|released [(version)]|N/A)[, backported][, patch-name-used.diff]
-2.6.8-sarge-security: (pending [(2.6.8-sarge2)]|released [(2.6.8-sarge1)]|N/A)[, backported][, patch-name-used.diff]
+2.6.8-sarge-security: (pending [(2.6.8-16sarge2)]|released [(2.6.8-16sarge1)]|N/A)[, backported][, patch-name-used.diff]
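Review bot: the version strings now carry the 2.6.8-16 prefix, but the line still holds both branches of the template, "pending [(2.6.8-16sarge2)]|released [(2.6.8-16sarge1)]", so the status of this fix in the sarge security tree remains ambiguous; collapse it to the one that applies, for example "released (2.6.8-16sarge1)" if the patch went out in sarge1.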




More information about the Kernel-svn-changes mailing list