[kernel] r7245 - in
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Sun Aug 27 04:34:05 UTC 2006
Author: dannf
Date: Sun Aug 27 04:34:03 2006
New Revision: 7245
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/227_kfree_skb.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4
Log:
* 227_kfree_skb.diff
[SECURITY] Fix race between kfree_skb and __skb_unlink
See CVE-2006-2446
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Sun Aug 27 04:34:03 2006
@@ -22,8 +22,11 @@
* 226_snmp-nat-mem-corruption-fix.diff
[SECURITY] Fix memory corruption in snmp_trap_decode
See CVE-2006-2444
+ * 227_kfree_skb.diff
+ [SECURITY] Fix race between kfree_skb and __skb_unlink
+ See CVE-2006-2446
- -- dann frazier <dannf at debian.org> Sat, 26 Aug 2006 22:01:32 -0600
+ -- dann frazier <dannf at debian.org> Sat, 26 Aug 2006 22:32:38 -0600
kernel-source-2.4.27 (2.4.27-10sarge3) stable-security; urgency=high
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/227_kfree_skb.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/227_kfree_skb.diff Sun Aug 27 04:34:03 2006
@@ -0,0 +1,24 @@
+diff -urN kernel-source-2.4.27.orig/include/linux/skbuff.h kernel-source-2.4.27/include/linux/skbuff.h
+--- kernel-source-2.4.27.orig/include/linux/skbuff.h 2006-05-29 10:05:31.000000000 -0600
++++ kernel-source-2.4.27/include/linux/skbuff.h 2006-08-26 22:28:52.636807000 -0600
+@@ -294,15 +294,11 @@
+
+ static inline void kfree_skb(struct sk_buff *skb)
+ {
+- if (atomic_read(&skb->users) == 1 || atomic_dec_and_test(&skb->users))
+- __kfree_skb(skb);
+-}
+-
+-/* Use this if you didn't touch the skb state [for fast switching] */
+-static inline void kfree_skb_fast(struct sk_buff *skb)
+-{
+- if (atomic_read(&skb->users) == 1 || atomic_dec_and_test(&skb->users))
+- kfree_skbmem(skb);
++ if (likely(atomic_read(&skb->users) == 1))
++ smp_rmb();
++ else if (likely(!atomic_dec_and_test(&skb->users)))
++ return;
++ __kfree_skb(skb);
+ }
+
+ /**
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4 Sun Aug 27 04:34:03 2006
@@ -2,3 +2,4 @@
+ 224_cdrom-bad-cgc.buflen-assign.diff
+ 225_sg-no-mmap-VM_IO.diff
+ 226_snmp-nat-mem-corruption-fix.diff
++ 227_kfree_skb.diff
More information about the Kernel-svn-changes
mailing list