[kernel] r7258 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Tue Aug 29 05:16:24 UTC 2006
Author: dannf
Date: Tue Aug 29 05:16:21 2006
New Revision: 7258
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-priv-elevation-2.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
Log:
* sctp-priv-elevation.dpatch, sctp-priv-elevation-2.dpatch
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Tue Aug 29 05:16:21 2006
@@ -52,7 +52,7 @@
* kfree_skb-race.dpatch
[SECURITY] Fix race between kfree_skb and __skb_unlink
See CVE-2006-2446
- * sctp-priv-elevation.dpatch
+ * sctp-priv-elevation.dpatch, sctp-priv-elevation-2.dpatch
[SECURITY] Fix SCTP privelege escalation
See CVE-2006-3745
* ppc-hid0-dos.dpatch
@@ -63,7 +63,7 @@
[SECURITY] Fix possible UDF deadlock and memory corruption
See CVE-2006-4145
- -- dann frazier <dannf at debian.org> Sun, 27 Aug 2006 13:24:40 -0600
+ -- dann frazier <dannf at debian.org> Mon, 28 Aug 2006 23:15:37 -0600
kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-priv-elevation-2.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-priv-elevation-2.dpatch Tue Aug 29 05:16:21 2006
@@ -0,0 +1,37 @@
+From: Sridhar Samudrala <sri at us.ibm.com>
+Date: Mon, 28 Aug 2006 20:53:01 +0000 (-0700)
+Subject: [SCTP]: Fix sctp_primitive_ABORT() call in sctp_close().
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=e12289f0bc673dabb22be32d2df54b0ebfc7cf2b
+
+[SCTP]: Fix sctp_primitive_ABORT() call in sctp_close().
+
+With the recent fix, the callers of sctp_primitive_ABORT()
+need to create an ABORT chunk and pass it as an argument rather
+than msghdr that was passed earlier.
+
+Signed-off-by: Sridhar Samudrala <sri at us.ibm.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <dannf at debian.org>
+
+diff -urpN kernel-source-2.6.8-2.6.8.orig/net/sctp/socket.c kernel-source-2.6.8-2.6.8/net/sctp/socket.c
+--- kernel-source-2.6.8-2.6.8.orig/net/sctp/socket.c 2006-08-28 22:44:00.866527000 -0600
++++ kernel-source-2.6.8-2.6.8/net/sctp/socket.c 2006-08-28 22:54:35.674200000 -0600
+@@ -977,9 +977,13 @@ SCTP_STATIC void sctp_close(struct sock
+ sctp_association_free(asoc);
+
+ } else if (sock_flag(sk, SOCK_LINGER) &&
+- !sk->sk_lingertime)
+- sctp_primitive_ABORT(asoc, NULL);
+- else
++ !sk->sk_lingertime) {
++ struct sctp_chunk *chunk;
++
++ chunk = sctp_make_abort_user(asoc, NULL, 0);
++ if (chunk)
++ sctp_primitive_ABORT(asoc, chunk);
++ } else
+ sctp_primitive_SHUTDOWN(asoc, NULL);
+ } else
+ sctp_primitive_SHUTDOWN(asoc, NULL);
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5 Tue Aug 29 05:16:21 2006
@@ -12,5 +12,6 @@
+ snmp-nat-mem-corruption-fix.dpatch
+ kfree_skb-race.dpatch
+ sctp-priv-elevation.dpatch
++ sctp-priv-elevation-2.dpatch
+ ppc-hid0-dos.dpatch
+ udf-deadlock.dpatch
More information about the Kernel-svn-changes
mailing list