[kernel] r9154 - in dists/sid/linux-2.6/debian: . patches/bugfix patches/series

Maximilian Attems maks at alioth.debian.org
Tue Jul 17 09:29:34 UTC 2007 

Author: maks
Date: Tue Jul 17 09:29:33 2007
New Revision: 9154

Log:
2.6.22.1 aka refix CVE-2007-3642


Added:
   dists/sid/linux-2.6/debian/patches/bugfix/2.6.22.1
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/2

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Tue Jul 17 09:29:33 2007
@@ -12,7 +12,12 @@
   * Enable INPUT_UINPUT on mac
   * Add 2.6.22 patches from linux-m68k CVS
 
- -- Christian T. Steigies <cts at debian.org>  Mon, 16 Jul 2007 23:10:23 +0200
+  [ maximilian attems ]
+  * Add stable release 2.6.22.1:
+    - nf_conntrack_h323: add checking of out-of-range on choices' index values
+      (CVE-2007-3642)
+
+ -- maximilian attems <maks at debian.org>  Tue, 17 Jul 2007 11:26:40 +0200
 
 linux-2.6 (2.6.22-1) unstable; urgency=low
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/2.6.22.1
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/2.6.22.1	Tue Jul 17 09:29:33 2007
@@ -0,0 +1,14 @@
+diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
+index 0d3254b..6e41ba5 100644
+--- a/net/netfilter/nf_conntrack_proto_sctp.c
++++ b/net/netfilter/nf_conntrack_proto_sctp.c
+@@ -460,7 +460,8 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
+ 					 SCTP_CONNTRACK_NONE, sch->type);
+ 
+ 		/* Invalid: delete conntrack */
+-		if (newconntrack == SCTP_CONNTRACK_MAX) {
++		if (newconntrack == SCTP_CONNTRACK_NONE ||
++		    newconntrack == SCTP_CONNTRACK_MAX) {
+ 			DEBUGP("nf_conntrack_sctp: invalid new deleting.\n");
+ 			return 0;
+ 		}

Modified: dists/sid/linux-2.6/debian/patches/series/2
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/2	(original)
+++ dists/sid/linux-2.6/debian/patches/series/2	Tue Jul 17 09:29:33 2007
@@ -1 +1,2 @@
 + bugfix/alpha/request_irq-retval.patch
++ bugfix/2.6.22.1

More information about the Kernel-svn-changes mailing list