[kernel] r12142 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Aug 26 22:32:01 UTC 2008
Author: dannf
Date: Tue Aug 26 22:32:00 2008
New Revision: 12142
Log:
Fix integer overflow in dccp_setsockopt_change() (CVE-2008-3276)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog (original)
+++ dists/etch-security/linux-2.6.24/debian/changelog Tue Aug 26 22:32:00 2008
@@ -5,8 +5,9 @@
* Fix possible information leak in seq_oss_synth.c
(CVE-2008-3272)
* Fix regression introduced upstream by the fixes for CVE-2008-1673
+ * Fix integer overflow in dccp_setsockopt_change() (CVE-2008-3276)
- -- dann frazier <dannf at debian.org> Sun, 17 Aug 2008 19:12:39 -0600
+ -- dann frazier <dannf at debian.org> Tue, 26 Aug 2008 16:29:23 -0600
linux-2.6.24 (2.6.24-6~etchnhalf.4) stable; urgency=low
Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch Tue Aug 26 22:32:00 2008
@@ -0,0 +1,30 @@
+commit 3e8a0a559c66ee9e7468195691a56fefc3589740
+Author: Arnaldo Carvalho de Melo <acme at redhat.com>
+Date: Wed Aug 13 13:48:39 2008 -0700
+
+ dccp: change L/R must have at least one byte in the dccpsf_val field
+
+ Thanks to Eugene Teo for reporting this problem.
+
+ Signed-off-by: Eugene Teo <eugenete at kernel.sg>
+ Signed-off-by: Arnaldo Carvalho de Melo <acme at redhat.com>
+ Signed-off-by: Gerrit Renker <gerrit at erg.abdn.ac.uk>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at hp.com>
+
+diff -urpN linux-source-2.6.24.orig/net/dccp/proto.c linux-source-2.6.24/net/dccp/proto.c
+--- linux-source-2.6.24.orig/net/dccp/proto.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/net/dccp/proto.c 2008-08-26 16:07:29.000000000 -0600
+@@ -458,6 +458,11 @@ static int dccp_setsockopt_change(struct
+
+ if (copy_from_user(&opt, optval, sizeof(opt)))
+ return -EFAULT;
++ /*
++ * rfc4340: 6.1. Change Options
++ */
++ if (opt.dccpsf_len < 1)
++ return -EINVAL;
+
+ val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
+ if (!val)
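Review bot: in the dccp_setsockopt_change() hunk, the new check `if (opt.dccpsf_len < 1)` enforces only a lower bound; the user-supplied opt.dccpsf_len still goes straight into kmalloc(opt.dccpsf_len, GFP_KERNEL), and no upper bound is visible in these lines. If nothing outside the shown context caps the length, consider rejecting oversized values in the same place. The added comment cites only "rfc4340: 6.1. Change Options", and neither it nor the commit message mentions the integer overflow that the changelog entry attributes to this function (CVE-2008-3276). A sentence in the comment saying what a zero length leads to further down would let a later reader see why the check must stay.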
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5 (original)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5 Tue Aug 26 22:32:00 2008
@@ -2,3 +2,4 @@
+ bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
+ bugfix/cifs-fix-compiler-warning.patch
+ bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
++ bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch