[kernel] r12141 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Aug 26 22:27:47 UTC 2008
Author: dannf
Date: Tue Aug 26 22:27:47 2008
New Revision: 12141
Log:
bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
Fix integer overflow in dccp_setsockopt_change()
See CVE-2008-3276
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
dists/etch-security/linux-2.6/debian/patches/series/22etch3
Modified:
dists/etch-security/linux-2.6/debian/changelog
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Tue Aug 26 22:27:47 2008
@@ -1,3 +1,11 @@
+linux-2.6 (2.6.18.dfsg.1-22etch3) UNRELEASED; urgency=high
+
+ * bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
+ Fix integer overflow in dccp_setsockopt_change()
+ See CVE-2008-3276
+
+ -- dann frazier <dannf at debian.org> Tue, 26 Aug 2008 16:21:22 -0600
+
linux-2.6 (2.6.18.dfsg.1-22etch2) stable-security; urgency=high
* bugfix/x86-wrong-register-was-used-in-align-macro.patch
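Review bot: the added entry text "Fix integer overflow in dccp_setsockopt_change()" does not say which input triggers the overflow, so a reader of the changelog cannot connect it to the patch name about dccpsf_val needing at least one byte. Adding a short clause to that line, for example that a zero dccpsf_len is now rejected with -EINVAL, would let the entry stand on its own next to the CVE reference.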
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch Tue Aug 26 22:27:47 2008
@@ -0,0 +1,30 @@
+commit 3e8a0a559c66ee9e7468195691a56fefc3589740
+Author: Arnaldo Carvalho de Melo <acme at redhat.com>
+Date: Wed Aug 13 13:48:39 2008 -0700
+
+ dccp: change L/R must have at least one byte in the dccpsf_val field
+
+ Thanks to Eugene Teo for reporting this problem.
+
+ Signed-off-by: Eugene Teo <eugenete at kernel.sg>
+ Signed-off-by: Arnaldo Carvalho de Melo <acme at redhat.com>
+ Signed-off-by: Gerrit Renker <gerrit at erg.abdn.ac.uk>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at hp.com>
+
+diff -urpN linux-source-2.6.18.orig/net/dccp/proto.c linux-source-2.6.18/net/dccp/proto.c
+--- linux-source-2.6.18.orig/net/dccp/proto.c 2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/net/dccp/proto.c 2008-08-26 16:09:52.000000000 -0600
+@@ -431,6 +431,11 @@ static int dccp_setsockopt_change(struct
+
+ if (copy_from_user(&opt, optval, sizeof(opt)))
+ return -EFAULT;
++ /*
++ * rfc4340: 6.1. Change Options
++ */
++ if (opt.dccpsf_len < 1)
++ return -EINVAL;
+
+ val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
+ if (!val)
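Review bot: the added check "if (opt.dccpsf_len < 1)" sets only a lower bound, so the user-supplied length copied in by copy_from_user() still reaches kmalloc(opt.dccpsf_len, GFP_KERNEL) with no upper limit visible in this hunk; if nothing elsewhere caps it, consider rejecting oversized values with -EINVAL at the same place. The new comment cites "rfc4340: 6.1. Change Options" without stating the rule being enforced; saying in the comment that a Change L/R option must carry at least one byte in dccpsf_val, as the commit subject does, would make the check self-explanatory. The commit message also does not describe what a zero length breaks, although the Debian log above calls it an integer overflow; one sentence on the failure mode would help anyone backporting this.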
Added: dists/etch-security/linux-2.6/debian/patches/series/22etch3
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/22etch3 Tue Aug 26 22:27:47 2008
@@ -0,0 +1 @@
++ bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch