[kernel] r6602 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Thu May 18 23:15:34 UTC 2006


Author: dannf
Date: Thu May 18 23:15:17 2006
New Revision: 6602

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-discard-unexpected-in-closed.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* sctp-discard-unexpected-in-closed.dpatch
  [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
  received in CLOSED state instead of calling BUG()
  See CVE-2006-2271

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Thu May 18 23:15:17 2006
@@ -36,8 +36,12 @@
     [SECURITY][amd64] Fix local DoS vulnerability on em64t systems that arises
     when returning program control using SYSRET
     See CVE-2006-0744
+  * sctp-discard-unexpected-in-closed.dpatch
+    [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
+    received in CLOSED state instead of calling BUG()
+    See CVE-2006-2271
 
- -- dann frazier <dannf at debian.org>  Thu, 18 May 2006 16:28:52 -0500
+ -- dann frazier <dannf at debian.org>  Thu, 18 May 2006 18:12:57 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-discard-unexpected-in-closed.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-discard-unexpected-in-closed.dpatch	Thu May 18 23:15:17 2006
@@ -0,0 +1,55 @@
+From: Sridhar Samudrala <sri at us.ibm.com>
+Date: Sat, 6 May 2006 00:05:23 +0000 (-0700)
+Subject: [SCTP]: Fix state table entries for chunks received in CLOSED state.
+X-Git-Tag: v2.6.17-rc4
+X-Git-Url: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
+
+[SCTP]: Fix state table entries for chunks received in CLOSED state.
+
+Discard an unexpected chunk in CLOSED state rather can calling BUG().
+
+Signed-off-by: Sridhar Samudrala <sri at us.ibm.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+
+--- a/net/sctp/sm_statetable.c
++++ b/net/sctp/sm_statetable.c
+@@ -366,9 +366,9 @@ const sctp_sm_table_entry_t *sctp_sm_loo
+ 	/* SCTP_STATE_EMPTY */ \
+ 	{.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \
+ 	/* SCTP_STATE_CLOSED */ \
+-	{.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++	{.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ 	/* SCTP_STATE_COOKIE_WAIT */ \
+-	{.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++	{.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ 	/* SCTP_STATE_COOKIE_ECHOED */ \
+ 	{.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
+ 	/* SCTP_STATE_ESTABLISHED */ \
+@@ -380,7 +380,7 @@ const sctp_sm_table_entry_t *sctp_sm_loo
+ 	/* SCTP_STATE_SHUTDOWN_RECEIVED */ \
+ 	{.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
+ 	/* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
+-	{.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++	{.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ } /* TYPE_SCTP_ECN_ECNE */
+ 
+ #define TYPE_SCTP_ECN_CWR { \
+@@ -401,7 +401,7 @@ const sctp_sm_table_entry_t *sctp_sm_loo
+ 	/* SCTP_STATE_SHUTDOWN_RECEIVED */ \
+ 	{.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ 	/* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
+-	{.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++	{.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ } /* TYPE_SCTP_ECN_CWR */
+ 
+ #define TYPE_SCTP_SHUTDOWN_COMPLETE { \
+@@ -647,7 +647,7 @@ chunk_event_table_unknown[SCTP_STATE_NUM
+ 	/* SCTP_STATE_EMPTY */ \
+ 	{.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
+ 	/* SCTP_STATE_CLOSED */ \
+-	{.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++	{.fn = sctp_sf_error_closed, .name = "sctp_sf_error_closed"}, \
+ 	/* SCTP_STATE_COOKIE_WAIT */ \
+ 	{.fn = sctp_sf_do_prm_requestheartbeat,		      \
+ 	 .name = "sctp_sf_do_prm_requestheartbeat"},          \

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Thu May 18 23:15:17 2006
@@ -8,3 +8,4 @@
 + cifs-chroot-escape.dpatch
 + binfmt-bad-elf-entry-address.dpatch
 + em64t-uncanonical-return-addr.dpatch
++ sctp-discard-unexpected-in-closed.dpatch



More information about the Kernel-svn-changes mailing list