[kernel] r6602 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Thu May 18 23:15:34 UTC 2006
Author: dannf
Date: Thu May 18 23:15:17 2006
New Revision: 6602
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-discard-unexpected-in-closed.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
Log:
* sctp-discard-unexpected-in-closed.dpatch
[SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
received in CLOSED state instead of calling BUG()
See CVE-2006-2271
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Thu May 18 23:15:17 2006
@@ -36,8 +36,12 @@
[SECURITY][amd64] Fix local DoS vulnerability on em64t systems that arises
when returning program control using SYSRET
See CVE-2006-0744
+ * sctp-discard-unexpected-in-closed.dpatch
+ [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
+ received in CLOSED state instead of calling BUG()
+ See CVE-2006-2271
- -- dann frazier <dannf at debian.org> Thu, 18 May 2006 16:28:52 -0500
+ -- dann frazier <dannf at debian.org> Thu, 18 May 2006 18:12:57 -0500
kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-discard-unexpected-in-closed.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sctp-discard-unexpected-in-closed.dpatch Thu May 18 23:15:17 2006
@@ -0,0 +1,55 @@
+From: Sridhar Samudrala <sri at us.ibm.com>
+Date: Sat, 6 May 2006 00:05:23 +0000 (-0700)
+Subject: [SCTP]: Fix state table entries for chunks received in CLOSED state.
+X-Git-Tag: v2.6.17-rc4
+X-Git-Url: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
+
+[SCTP]: Fix state table entries for chunks received in CLOSED state.
+
+Discard an unexpected chunk in CLOSED state rather can calling BUG().
+
+Signed-off-by: Sridhar Samudrala <sri at us.ibm.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+
+--- a/net/sctp/sm_statetable.c
++++ b/net/sctp/sm_statetable.c
+@@ -366,9 +366,9 @@ const sctp_sm_table_entry_t *sctp_sm_loo
+ /* SCTP_STATE_EMPTY */ \
+ {.fn = sctp_sf_ootb, .name = "sctp_sf_ootb"}, \
+ /* SCTP_STATE_CLOSED */ \
+- {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++ {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ /* SCTP_STATE_COOKIE_WAIT */ \
+- {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++ {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ /* SCTP_STATE_COOKIE_ECHOED */ \
+ {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
+ /* SCTP_STATE_ESTABLISHED */ \
+@@ -380,7 +380,7 @@ const sctp_sm_table_entry_t *sctp_sm_loo
+ /* SCTP_STATE_SHUTDOWN_RECEIVED */ \
+ {.fn = sctp_sf_do_ecne, .name = "sctp_sf_do_ecne"}, \
+ /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
+- {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++ {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ } /* TYPE_SCTP_ECN_ECNE */
+
+ #define TYPE_SCTP_ECN_CWR { \
+@@ -401,7 +401,7 @@ const sctp_sm_table_entry_t *sctp_sm_loo
+ /* SCTP_STATE_SHUTDOWN_RECEIVED */ \
+ {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ /* SCTP_STATE_SHUTDOWN_ACK_SENT */ \
+- {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++ {.fn = sctp_sf_discard_chunk, .name = "sctp_sf_discard_chunk"}, \
+ } /* TYPE_SCTP_ECN_CWR */
+
+ #define TYPE_SCTP_SHUTDOWN_COMPLETE { \
+@@ -647,7 +647,7 @@ chunk_event_table_unknown[SCTP_STATE_NUM
+ /* SCTP_STATE_EMPTY */ \
+ {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
+ /* SCTP_STATE_CLOSED */ \
+- {.fn = sctp_sf_bug, .name = "sctp_sf_bug"}, \
++ {.fn = sctp_sf_error_closed, .name = "sctp_sf_error_closed"}, \
+ /* SCTP_STATE_COOKIE_WAIT */ \
+ {.fn = sctp_sf_do_prm_requestheartbeat, \
+ .name = "sctp_sf_do_prm_requestheartbeat"}, \
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 Thu May 18 23:15:17 2006
@@ -8,3 +8,4 @@
+ cifs-chroot-escape.dpatch
+ binfmt-bad-elf-entry-address.dpatch
+ em64t-uncanonical-return-addr.dpatch
++ sctp-discard-unexpected-in-closed.dpatch
More information about the Kernel-svn-changes
mailing list