[kernel] r5719 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Tue Feb 7 05:41:41 UTC 2006

Author: dannf
Date: Tue Feb  7 05:41:39 2006
New Revision: 5719

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_options_echo-extra-dst.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
Log:
* ip_options_echo-extra-dst.dpatch
  [SECURITY] Bypass ip_rt_put() call in icmp_send to fix a remote DoS
  vulnerability.
  See CVE-2006-0454

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================

--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Tue Feb  7 05:41:39 2006
@@ -176,13 +176,18 @@
   * sysctl-buffer-overflow.dpatch:
     [SECURITY] Fix a potential overflow in sysctl buffer termination code.
     See CVE-2005-4618
-  
+
   * sparc64-clock-settime.dpatch
     [SECURITY] Remove unnecessary sign-extension in compat_sys_clock_settime,
     fixing a DoS vulnerability on sparc systems.
     See CVE-2006-0482
 
- -- dann frazier <dannf at debian.org>  Tue, 31 Jan 2006 22:45:22 -0700
+  * ip_options_echo-extra-dst.dpatch
+    [SECURITY] Bypass ip_rt_put() call in icmp_send to fix a remote DoS
+    vulnerability.
+    See CVE-2006-0454
+
+ -- dann frazier <dannf at debian.org>  Mon,  6 Feb 2006 22:37:56 -0700
 
 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_options_echo-extra-dst.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/ip_options_echo-extra-dst.dpatch	Tue Feb  7 05:41:39 2006
@@ -0,0 +1,27 @@
+From: Herbert Xu <herbert at gondor.apana.org.au>
+Date: Sat, 4 Feb 2006 10:09:34 +0000 (-0800)
+Subject: [ICMP]: Fix extra dst release when ip_options_echo fails
+X-Git-Url: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fa60cf7f64a00c16e95717e8dccdb128877e342a
+
+[ICMP]: Fix extra dst release when ip_options_echo fails
+
+When two ip_route_output_key lookups in icmp_send were combined I
+forgot to change the error path for ip_options_echo to not drop the
+dst reference since it now sits before the dst lookup.  To fix it we
+simply jump past the ip_rt_put call.
+
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+
+--- a/net/ipv4/icmp.c
++++ b/net/ipv4/icmp.c
+@@ -524,7 +524,7 @@ void icmp_send(struct sk_buff *skb_in, i
+ 					  iph->tos;
+ 
+ 	if (ip_options_echo(&icmp_param.replyopts, skb_in))
+-		goto ende;
++		goto out_unlock;
+ 
+ 
+ 	/*

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	Tue Feb  7 05:41:39 2006
@@ -34,3 +34,4 @@
 + mqueue-double-increment.dpatch
 + sysctl-buffer-overflow.dpatch
 + sparc64-clock-settime.dpatch
++ ip_options_echo-extra-dst.dpatch

