[kernel] r7246 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Sun Aug 27 04:34:52 UTC 2006
Author: dannf
Date: Sun Aug 27 04:34:49 2006
New Revision: 7246
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/kfree_skb-race.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
Log:
* kfree_skb-race.dpatch
[SECURITY] Fix race between kfree_skb and __skb_unlink
See CVE-2006-2446
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Sun Aug 27 04:34:49 2006
@@ -49,8 +49,11 @@
* snmp-nat-mem-corruption-fix.dpatch
[SECURITY] Fix memory corruption in snmp_trap_decode
See CVE-2006-2444
+ * kfree_skb-race.dpatch
+ [SECURITY] Fix race between kfree_skb and __skb_unlink
+ See CVE-2006-2446
- -- dann frazier <dannf at debian.org> Sat, 26 Aug 2006 21:52:14 -0600
+ -- dann frazier <dannf at debian.org> Sat, 26 Aug 2006 22:24:24 -0600
kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/kfree_skb-race.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/kfree_skb-race.dpatch Sun Aug 27 04:34:49 2006
@@ -0,0 +1,23 @@
+--- linux-2.6.9/include/linux/skbuff.h.orig 2006-05-22 17:25:40.446058000 -0400
++++ linux-2.6.9/include/linux/skbuff.h 2006-05-22 17:29:19.525759000 -0400
+@@ -351,15 +351,11 @@ static inline struct sk_buff *skb_get(st
+ */
+ static inline void kfree_skb(struct sk_buff *skb)
+ {
+- if (atomic_read(&skb->users) == 1 || atomic_dec_and_test(&skb->users))
+- __kfree_skb(skb);
+-}
+-
+-/* Use this if you didn't touch the skb state [for fast switching] */
+-static inline void kfree_skb_fast(struct sk_buff *skb)
+-{
+- if (atomic_read(&skb->users) == 1 || atomic_dec_and_test(&skb->users))
+- kfree_skbmem(skb);
++ if (likely(atomic_read(&skb->users) == 1))
++ smp_rmb();
++ else if (likely(!atomic_dec_and_test(&skb->users)))
++ return;
++ __kfree_skb(skb);
+ }
+
+ /**
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 Sun Aug 27 04:34:49 2006
@@ -10,3 +10,4 @@
+ readv-writev-missing-lsm-check.dpatch
+ readv-writev-missing-lsm-check-compat.dpatch
+ snmp-nat-mem-corruption-fix.dpatch
++ kfree_skb-race.dpatch
More information about the Kernel-svn-changes
mailing list