[kernel] r8529 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Mon Apr 30 23:25:54 UTC 2007 

Author: dannf
Date: Mon Apr 30 23:25:53 2007
New Revision: 8529

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/nfnetlink_log-null-deref.patch
   dists/etch-security/linux-2.6/debian/patches/series/12etch2
Modified:
   dists/etch-security/linux-2.6/debian/changelog
Log:
* bugfix/nfnetlink_log-null-deref.patch
  [SECURITY] Fix remotely exploitable NULL pointer dereference in
  nfulnl_recv_config()
  See CVE-2007-1496

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Mon Apr 30 23:25:53 2007
@@ -1,3 +1,12 @@
+linux-2.6 (2.6.18.dfsg.1-12etch2) UNRELEASED; urgency=high
+
+  * bugfix/nfnetlink_log-null-deref.patch
+    [SECURITY] Fix remotely exploitable NULL pointer dereference in
+    nfulnl_recv_config()
+    See CVE-2007-1496
+
+ -- dann frazier <dannf at debian.org>  Mon, 30 Apr 2007 17:20:14 -0600
+
 linux-2.6 (2.6.18.dfsg.1-12etch1) stable-security; urgency=high
 
   * bugfix/core-dump-unreadable-PT_INTERP.patch

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/nfnetlink_log-null-deref.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/nfnetlink_log-null-deref.patch	Mon Apr 30 23:25:53 2007
@@ -0,0 +1,37 @@
+From: Michal Miroslaw <mirq-linux at rere.qmqm.pl>
+Date: Sun, 4 Mar 2007 23:59:20 +0000 (-0800)
+Subject: [NETFILTER]: nfnetlink_log: fix possible NULL pointer dereference
+X-Git-Tag: v2.6.21~469^2~10
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=dd16704eba171b32ef0cded3a4f562b33b911066
+
+[NETFILTER]: nfnetlink_log: fix possible NULL pointer dereference
+
+Eliminate possible NULL pointer dereference in nfulnl_recv_config().
+
+Signed-off-by: Michal Miroslaw <mirq-linux at rere.qmqm.pl>
+Signed-off-by: Patrick McHardy <kaber at trash.net>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+
+diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
+index 1b94051..b669db5 100644
+--- a/net/netfilter/nfnetlink_log.c
++++ b/net/netfilter/nfnetlink_log.c
+@@ -858,6 +858,9 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
+ 			ret = -EINVAL;
+ 			break;
+ 		}
++
++		if (!inst)
++			goto out;
+ 	} else {
+ 		if (!inst) {
+ 			UDEBUG("no config command, and no instance for "
+@@ -911,6 +914,7 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
+ 
+ out_put:
+ 	instance_put(inst);
++out:
+ 	return ret;
+ }
+ 

Added: dists/etch-security/linux-2.6/debian/patches/series/12etch2
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/12etch2	Mon Apr 30 23:25:53 2007
@@ -0,0 +1 @@
++ bugfix/nfnetlink_log-null-deref.patch

More information about the Kernel-svn-changes mailing list