[kernel] r6523 - in dists/sid/linux-2.6/debian: patches patches/series
Bastian Blank
waldi at costa.debian.org
Wed May 3 08:37:46 UTC 2006
Author: waldi
Date: Wed May 3 08:37:44 2006
New Revision: 6523
Added:
dists/sid/linux-2.6/debian/patches/2.6.16.13 (contents, props changed)
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/12
Log:
Add stable release 2.6.16.13.
* debian/changelog: Update.
* debian/patches/series/12: Add 2.6.16.13.
* debian/patches/2.6.16.13: Add.
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Wed May 3 08:37:44 2006
@@ -26,6 +26,8 @@
- cs5535_gpio.c: call cdev_del() during module_exit to unmap kobject references and other cleanups
- MIPS: Fix branch emulation for floating-point exceptions.
- x86/PAE: Fix pte_clear for the >4GB RAM case
+ * Add stable release 2.6.16.13:
+ - NETFILTER: SCTP conntrack: fix infinite loop (CVE-2006-1527)
* Remove merged patches.
* Rediff xen patch.
Added: dists/sid/linux-2.6/debian/patches/2.6.16.13
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/2.6.16.13 Wed May 3 08:37:44 2006
@@ -0,0 +1,54 @@
+diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+index be602e8..df67679 100644
+--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
++++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+@@ -235,12 +235,15 @@ static int do_basic_checks(struct ip_con
+ flag = 1;
+ }
+
+- /* Cookie Ack/Echo chunks not the first OR
+- Init / Init Ack / Shutdown compl chunks not the only chunks */
+- if ((sch->type == SCTP_CID_COOKIE_ACK
++ /*
++ * Cookie Ack/Echo chunks not the first OR
++ * Init / Init Ack / Shutdown compl chunks not the only chunks
++ * OR zero-length.
++ */
++ if (((sch->type == SCTP_CID_COOKIE_ACK
+ || sch->type == SCTP_CID_COOKIE_ECHO
+ || flag)
+- && count !=0 ) {
++ && count !=0) || !sch->length) {
+ DEBUGP("Basic checks failed\n");
+ return 1;
+ }
+diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
+index cf798e6..cd2326d 100644
+--- a/net/netfilter/nf_conntrack_proto_sctp.c
++++ b/net/netfilter/nf_conntrack_proto_sctp.c
+@@ -240,12 +240,15 @@ static int do_basic_checks(struct nf_con
+ flag = 1;
+ }
+
+- /* Cookie Ack/Echo chunks not the first OR
+- Init / Init Ack / Shutdown compl chunks not the only chunks */
+- if ((sch->type == SCTP_CID_COOKIE_ACK
++ /*
++ * Cookie Ack/Echo chunks not the first OR
++ * Init / Init Ack / Shutdown compl chunks not the only chunks
++ * OR zero-length.
++ */
++ if (((sch->type == SCTP_CID_COOKIE_ACK
+ || sch->type == SCTP_CID_COOKIE_ECHO
+ || flag)
+- && count !=0 ) {
++ && count !=0) || !sch->length) {
+ DEBUGP("Basic checks failed\n");
+ return 1;
+ }
+-
+To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
+the body of a message to majordomo at vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
+Please read the FAQ at http://www.tux.org/lkml/
+
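Review bot: the added `|| !sch->length` test in both do_basic_checks() copies (ip_conntrack_proto_sctp.c and nf_conntrack_proto_sctp.c) rejects only a chunk length of exactly zero, and nothing visible in these hunks covers a length that is nonzero but still shorter than the chunk header. Please confirm the chunk iteration handles that case, or tighten the test to a minimum length. The zero-length case also shares the generic "Basic checks failed" DEBUGP with the ordering checks, so a separate message would make a dropped packet easier to diagnose. Separately, the imported file ends with a stray `-` line and the linux-kernel list footer (the unsubscribe, majordomo and FAQ lines). These are not part of the upstream diff and should be trimmed from debian/patches/2.6.16.13.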
Modified: dists/sid/linux-2.6/debian/patches/series/12
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/12 (original)
+++ dists/sid/linux-2.6/debian/patches/series/12 Wed May 3 08:37:44 2006
@@ -1,2 +1,3 @@
- alpha-build-fix.patch
+ 2.6.16.12
++ 2.6.16.13