[kernel] r8372 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Mon Mar 19 08:02:05 UTC 2007


Author: dannf
Date: Mon Mar 19 07:02:04 2007
New Revision: 8372

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/ipv6_setsockopt-NULL-deref.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/11etch1
Log:
* [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead
  to a local DoS (oops).
  See CVE-2007-1388

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Mon Mar 19 07:02:04 2007
@@ -5,8 +5,11 @@
     key_alloc_serial() that could lead to a local DoS (oops).
     (closes: #398470)
     See CVE-2007-0006
+  * [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead
+    to a local DoS (oops).
+    See CVE-2007-1388
 
- -- dann frazier <dannf at debian.org>  Fri, 16 Mar 2007 17:15:06 -0600
+ -- dann frazier <dannf at debian.org>  Mon, 19 Mar 2007 00:52:09 -0600
 
 linux-2.6 (2.6.18.dfsg.1-11) unstable; urgency=low
 
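Review bot: The new changelog entry (the three `+` lines under CVE-2007-0006) names the CVE but not the patch file or the upstream report, unlike the preceding entry, which carries a bug reference. Suggest mentioning bugfix/ipv6_setsockopt-NULL-deref.patch or the kernel.org bugzilla id cited in the patch header, so the entry can be matched to the change without reading the series file.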

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/ipv6_setsockopt-NULL-deref.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/ipv6_setsockopt-NULL-deref.patch	Mon Mar 19 07:02:04 2007
@@ -0,0 +1,28 @@
+From: Olaf Kirch <olaf.kirch at oracle.com>
+Date: Fri, 9 Mar 2007 21:55:38 +0000 (-0800)
+Subject: [IPV6]: Fix for ipv6_setsockopt NULL dereference
+X-Git-Tag: v2.6.21-rc4~50^2~1
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=dfee0a725bb027b749ffdd318eb48b91d564b266
+
+[IPV6]: Fix for ipv6_setsockopt NULL dereference
+
+I came across this bug in http://bugzilla.kernel.org/show_bug.cgi?id=8155
+
+Signed-off-by: Olaf Kirch <olaf.kirch at oracle.com>
+Acked-by: YOSHIFUJI Hideaki <yoshfuji at linux-ipv6.org>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+
+diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
+index 4e0561a..b82333b 100644
+--- a/net/ipv6/ipv6_sockglue.c
++++ b/net/ipv6/ipv6_sockglue.c
+@@ -413,7 +413,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
+ 		}
+ 
+ 		/* routing header option needs extra check */
+-		if (optname == IPV6_RTHDR && opt->srcrt) {
++		if (optname == IPV6_RTHDR && opt && opt->srcrt) {
+ 			struct ipv6_rt_hdr *rthdr = opt->srcrt;
+ 			switch (rthdr->type) {
+ 			case IPV6_SRCRT_TYPE_0:
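
Review bot: The `opt &&` guard added in `if (optname == IPV6_RTHDR && opt && opt->srcrt)` is explained nowhere in the patch header: the description only says the bug was found in bugzilla 8155 and never states when `opt` can be NULL at this point or that the result is an oops a local user can trigger. Suggest adding one sentence on the triggering condition, plus the CVE-2007-1388 reference from the changelog, so the patch file is traceable on its own. It is also worth confirming, beyond the context shown here, that the rest of do_ipv6_setsockopt after this block tolerates a NULL `opt`, since the guard covers only the routing header check.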

Modified: dists/etch-security/linux-2.6/debian/patches/series/11etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/11etch1	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/11etch1	Mon Mar 19 07:02:04 2007
@@ -1 +1,2 @@
 + bugfix/keys-serial-num-collision.patch
++ bugfix/ipv6_setsockopt-NULL-deref.patch


