[kernel] r6615 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: patches patches/series
Dann Frazier
dannf at costa.debian.org
Sat May 20 00:32:34 UTC 2006
Author: dannf
Date: Sat May 20 00:32:33 2006
New Revision: 6615
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/212_ipv4-sin_zero_clear.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge3
Log:
* 212_ipv4-sin_zero_clear.diff
[SECURITY] Fix local information leak in af_inet code
See CVE-2006-1342
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Sat May 20 00:32:33 2006
@@ -20,8 +20,11 @@
[SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
allows for a remote DoS attack (kmalloc'd memory corruption)
See CVE-2006-1368
+ * 212_ipv4-sin_zero_clear.diff
+ [SECURITY] Fix local information leak in af_inet code
+ See CVE-2006-1342
- -- dann frazier <dannf at debian.org> Fri, 19 May 2006 17:51:10 -0500
+ -- dann frazier <dannf at debian.org> Fri, 19 May 2006 19:24:12 -0500
kernel-source-2.4.27 (2.4.27-10sarge2) stable-security; urgency=high
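Review bot: The new changelog entry for 212_ipv4-sin_zero_clear.diff describes the fix as being "in af_inet code", but the patch added in this commit only changes getorigdst() in net/ipv4/netfilter/ip_conntrack_core.c, and its header says the af_inet.c hunk was dropped because 043_ipsec.diff already carries it. Suggest wording the entry around SO_ORIGINAL_DST / getorigdst() and mentioning that the inet_getname() half comes from 043_ipsec.diff, so that anyone auditing CVE-2006-1342 coverage from the changelog looks in the right file.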
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/212_ipv4-sin_zero_clear.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/212_ipv4-sin_zero_clear.diff Sat May 20 00:32:33 2006
@@ -0,0 +1,35 @@
+Fix for CVE-2006-1342, removed the first hunk of the upstream fix because it has
+already been applied in 043_ipsec.diff
+
+Signed-off-by: Troy Heber <troyh at debian.org>
+
+diff-tree 09d3b3dcfa80c9094f1748c1be064b9326c9ef2b (from 5dceef59f2919d7396853e4264636e3bd55f85e7)
+Author: Pavel Kankovsky <peak at argo.troja.mff.cuni.cz>
+Date: Sat Mar 4 14:53:16 2006 +0100
+
+ [PATCH] Fix small information leak in SO_ORIGINAL_DST and getname()
+
+ It appears sockaddr_in.sin_zero is not zeroed during certain operations
+ returning IPv4 socket names, namely:
+
+ - getsockopt(...SO_ORIGINAL_DST...) (2.4 and 2.6)
+ see getorigdst() in net/ipv4/netfilter/ip_conntrack_core.c
+
+ - getsockname() and getpeername()
+ see inet_getname() in net/ipv4/af_inet.c
+
+ A small patch for 2.4 fixing the problem is enclosed. Its first part
+ (fixing net/ipv4/af_inet.c) is identical to the change made in 2.6.
+
+diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
+index e32dc17..afbb6cb 100644
+--- a/net/ipv4/netfilter/ip_conntrack_core.c
++++ b/net/ipv4/netfilter/ip_conntrack_core.c
+@@ -1349,6 +1349,7 @@ getorigdst(struct sock *sk, int optval,
+ .tuple.dst.u.tcp.port;
+ sin.sin_addr.s_addr = h->ctrack->tuplehash[IP_CT_DIR_ORIGINAL]
+ .tuple.dst.ip;
++ memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
+
+ DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
+ NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
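Review bot: In the getorigdst() hunk, the added memset(sin.sin_zero, 0, sizeof(sin.sin_zero)) clears only that one member, so the structure returned for SO_ORIGINAL_DST is fully initialised only as long as every other member keeps being assigned by hand in the lines above it. Clearing the whole structure once before the assignments, for example memset(&sin, 0, sizeof(sin)), would not depend on that, at the cost of diverging from the upstream commit quoted in the header. The quoted upstream message also still refers to "Its first part (fixing net/ipv4/af_inet.c)", which this file no longer contains; the note at the top explains the removal, but a short marker next to that sentence would save a reader from hunting for the missing hunk.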
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge3
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge3 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge3 Sat May 20 00:32:33 2006
@@ -3,3 +3,4 @@
+ 209_sctp-discard-unexpected-in-closed.diff
+ 210_ipv4-id-no-increment.diff
+ 211_usb-gadget-rndis-bufoverflow.diff
++ 212_ipv4-sin_zero_clear.diff
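Review bot: The added 212_ipv4-sin_zero_clear.diff line records nothing about its dependency on 043_ipsec.diff, which the patch header names as the carrier of the inet_getname() part of the CVE-2006-1342 fix. 043_ipsec.diff does not appear in the visible part of this series file, so it is worth confirming that it is applied by an earlier series and stays applied, since otherwise getsockname() and getpeername() remain uncovered while the changelog reports the CVE as fixed.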