[kernel] r8414 - in
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian:
. patches patches/series
Dann Frazier
dannf at alioth.debian.org
Sat Mar 31 23:05:02 UTC 2007
Author: dannf
Date: Sat Mar 31 23:05:01 2007
New Revision: 8414
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/243_ipv6_fl_socklist-no-share.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
Log:
* 243_ipv6_fl_socklist-no-share.diff
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Sat Mar 31 23:05:01 2007
@@ -14,8 +14,13 @@
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
- -- dann frazier <dannf at debian.org> Sat, 31 Mar 2007 15:49:18 -0600
+ -- dann frazier <dannf at debian.org> Sat, 31 Mar 2007 17:04:51 -0600
kernel-source-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/243_ipv6_fl_socklist-no-share.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/243_ipv6_fl_socklist-no-share.diff Sat Mar 31 23:05:01 2007
@@ -0,0 +1,38 @@
+From: Willy Tarreau <w at 1wt.eu>
+Date: Thu, 22 Mar 2007 20:22:10 +0000 (+0100)
+Subject: [PATCH] IPV6: ipv6_fl_socklist is inadvertently shared.
+X-Git-Tag: v2.4.35-pre2~1
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fwtarreau%2Flinux-2.4.git;a=commitdiff_plain;h=86b21d8a1b97aaf523749d9c7b03b113e0cf9ee0
+
+[PATCH] IPV6: ipv6_fl_socklist is inadvertently shared.
+
+Backport from 2.6. Original patch from Masayuki Nakagawa, with
+his description below :
+
+"
+ The ipv6_fl_socklist from listening socket is inadvertently shared
+ with new socket created for connection. This leads to a variety of
+ interesting, but fatal, bugs. For example, removing one of the
+ sockets may lead to the other socket's encountering a page fault
+ when the now freed list is referenced.
+
+ The fix is to not share the flow label list with the new socket.
+"
+
+original patch:
+ Signed-off-by: Masayuki Nakagawa <nakagawa.msy at ncos.nec.co.jp>
+Signed-off-by: Willy Tarreau <w at 1wt.eu>
+---
+
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index 33eeee8..d3127e2 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -1354,6 +1354,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
+ First: no IPv4 options.
+ */
+ newsk->protinfo.af_inet.opt = NULL;
++ np->ipv6_fl_list = NULL;
+
+ /* Clone RX bits */
+ np->rxopt.all = sk->net_pinfo.af_inet6.rxopt.all;
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Sat Mar 31 23:05:01 2007
@@ -2,3 +2,4 @@
+ 240_smbfs-honor-mount-opts-2.diff
+ 241_bluetooth-capi-size-checks.diff
+ 242_ext3-fsfuzz.diff
++ 243_ipv6_fl_socklist-no-share.diff
More information about the Kernel-svn-changes
mailing list