[kernel] r5719 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
. patches patches/series
Dann Frazier
dannf at costa.debian.org
Tue Feb 7 05:41:41 UTC 2006
Author: dannf
Date: Tue Feb 7 05:41:39 2006
New Revision: 5719
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_options_echo-extra-dst.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
Log:
* ip_options_echo-extra-dst.dpatch
[SECURITY] Bypass ip_rt_put() call in icmp_send to fix a remote DoS
vulnerability.
See CVE-2006-0454
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Tue Feb 7 05:41:39 2006
@@ -176,13 +176,18 @@
* sysctl-buffer-overflow.dpatch:
[SECURITY] Fix a potential overflow in sysctl buffer termination code.
See CVE-2005-4618
-
+
* sparc64-clock-settime.dpatch
[SECURITY] Remove unnecessary sign-extension in compat_sys_clock_settime,
fixing a DoS vulnerability on sparc systems.
See CVE-2006-0482
- -- dann frazier <dannf at debian.org> Tue, 31 Jan 2006 22:45:22 -0700
+ * ip_options_echo-extra-dst.dpatch
+ [SECURITY] Bypass ip_rt_put() call in icmp_send to fix a remote DoS
+ vulnerability.
+ See CVE-2006-0454
+
+ -- dann frazier <dannf at debian.org> Mon, 6 Feb 2006 22:37:56 -0700
kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_options_echo-extra-dst.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_options_echo-extra-dst.dpatch Tue Feb 7 05:41:39 2006
@@ -0,0 +1,27 @@
+From: Herbert Xu <herbert at gondor.apana.org.au>
+Date: Sat, 4 Feb 2006 10:09:34 +0000 (-0800)
+Subject: [ICMP]: Fix extra dst release when ip_options_echo fails
+X-Git-Url: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fa60cf7f64a00c16e95717e8dccdb128877e342a
+
+[ICMP]: Fix extra dst release when ip_options_echo fails
+
+When two ip_route_output_key lookups in icmp_send were combined I
+forgot to change the error path for ip_options_echo to not drop the
+dst reference since it now sits before the dst lookup. To fix it we
+simply jump past the ip_rt_put call.
+
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+
+--- a/net/ipv4/icmp.c
++++ b/net/ipv4/icmp.c
+@@ -524,7 +524,7 @@ void icmp_send(struct sk_buff *skb_in, i
+ iph->tos;
+
+ if (ip_options_echo(&icmp_param.replyopts, skb_in))
+- goto ende;
++ goto out_unlock;
+
+
+ /*
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2 Tue Feb 7 05:41:39 2006
@@ -34,3 +34,4 @@
+ mqueue-double-increment.dpatch
+ sysctl-buffer-overflow.dpatch
+ sparc64-clock-settime.dpatch
++ ip_options_echo-extra-dst.dpatch
More information about the Kernel-svn-changes
mailing list