r4647 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
. patches patches/series
Dann Frazier
dannf at costa.debian.org
Mon Oct 24 19:07:05 UTC 2005
Author: dannf
Date: 2005-10-24 19:07:02 +0000 (Mon, 24 Oct 2005)
New Revision: 4647
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-ipv6-udp_v6_get_port-loop.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
Log:
fix CAN-2005-2973
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-10-24 17:54:28 UTC (rev 4646)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-10-24 19:07:02 UTC (rev 4647)
@@ -90,8 +90,10 @@
* mempolicy-check-mode.dpatch
[SECURITY] Input validation in sys_set_mempolicy(); local DoS.
See CAN-2005-3053
+ * net-ipv6-udp_v6_get_port-loop.dpatch
+ [SECURITY] Fix infinite loop in udp_v6_get_port(). See CVE-2005-2973
- -- Simon Horman <horms at debian.org> Tue, 11 Oct 2005 19:48:21 +0900
+ -- dann frazier <dannf at debian.org> Mon, 24 Oct 2005 13:04:38 -0600
kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-ipv6-udp_v6_get_port-loop.dpatch
===================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-ipv6-udp_v6_get_port-loop.dpatch 2005-10-24 17:54:28 UTC (rev 4646)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/net-ipv6-udp_v6_get_port-loop.dpatch 2005-10-24 19:07:02 UTC (rev 4647)
@@ -0,0 +1,35 @@
+diff -Naru a/net/ipv6/udp.c b/net/ipv6/udp.c
+--- a/net/ipv6/udp.c 2005-10-24 10:03:00 -07:00
++++ b/net/ipv6/udp.c 2005-10-24 10:03:00 -07:00
+@@ -99,7 +99,7 @@
+ next:;
+ }
+ result = best;
+- for(;; result += UDP_HTABLE_SIZE) {
++ for(i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++, result += UDP_HTABLE_SIZE) {
+ if (result > sysctl_local_port_range[1])
+ result = sysctl_local_port_range[0]
+ + ((result - sysctl_local_port_range[0]) &
+@@ -107,6 +107,8 @@
+ if (!udp_lport_inuse(result))
+ break;
+ }
++ if (i >= (1 << 16) / UDP_HTABLE_SIZE)
++ goto fail;
+ gotit:
+ udp_port_rover = snum = result;
+ } else {
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2005/10/04 13:00:39-07:00 yoshfuji at linux-ipv6.org
+# [IPV6]: Fix infinite loop in udp_v6_get_port().
+#
+# Signed-off-by: YOSHIFUJI Hideaki <yoshfuji at linux-ipv6.org>
+# Signed-off-by: David S. Miller <davem at davemloft.net>
+#
+# GIT: 87bf9c97b4b3af8dec7b2b79cdfe7bfc0a0a03b2
+#
+# net/ipv6/udp.c
+# 2005/10/04 13:00:39-07:00 yoshfuji at linux-ipv6.org +3 -1
+#
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
===================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2 2005-10-24 17:54:28 UTC (rev 4646)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2 2005-10-24 19:07:02 UTC (rev 4647)
@@ -11,3 +11,4 @@
+ lost-sockfd_put-in-32bit-compat-routing_ioctl.dpatch
+ orinoco-info-leak.dpatch
+ plug-names_cache-memleak.dpatch
++ net-ipv6-udp_v6_get_port-loop.dpatch
More information about the Kernel-svn-changes
mailing list