[kernel] r12570 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Jan 13 06:07:17 UTC 2009


Author: dannf
Date: Tue Jan 13 06:07:16 2009
New Revision: 12570

Log:
sctp: fix memory overflow (CVE-2009-0065)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch   (contents, props changed)
      - copied, changed from r12567, /dists/sid/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	(original)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Tue Jan 13 06:07:16 2009
@@ -5,8 +5,9 @@
   * Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)
   * Set a minimum timeout for SG_IO requests (CVE-2008-5700)
   * [mips] Fix potential DOS by untrusted user app (CVE-2008-5701)
+  * sctp: fix memory overflow (CVE-2009-0065)
 
- -- dann frazier <dannf at debian.org>  Mon, 12 Jan 2009 22:40:33 -0700
+ -- dann frazier <dannf at debian.org>  Mon, 12 Jan 2009 23:01:24 -0700
 
 linux-2.6.24 (2.6.24-6~etchnhalf.7) stable-security; urgency=high
 

Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch (from r12567, /dists/sid/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch)
==============================================================================
--- /dists/sid/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch	(original)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch	Tue Jan 13 06:07:16 2009
@@ -25,28 +25,21 @@
     Signed-off-by: Vlad Yasevich <vladislav.yasevich at hp.com>
     Signed-off-by: David S. Miller <davem at davemloft.net>
 
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
 
-diff -urpN linux-source-2.6.26.orig/net/sctp/sm_statefuns.c linux-source-2.6.26/net/sctp/sm_statefuns.c
---- linux-source-2.6.26.orig/net/sctp/sm_statefuns.c	2009-01-08 16:43:13.000000000 -0700
-+++ linux-source-2.6.26/net/sctp/sm_statefuns.c	2009-01-10 10:15:32.000000000 -0700
-@@ -3641,6 +3641,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
+diff -urpN linux-source-2.6.24.orig/net/sctp/sm_statefuns.c linux-source-2.6.24/net/sctp/sm_statefuns.c
+--- linux-source-2.6.24.orig/net/sctp/sm_statefuns.c	2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/net/sctp/sm_statefuns.c	2009-01-12 22:57:05.000000000 -0700
+@@ -3629,6 +3629,8 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
  {
  	struct sctp_chunk *chunk = arg;
  	struct sctp_fwdtsn_hdr *fwdtsn_hdr;
 +	struct sctp_fwdtsn_skip *skip;
- 	__u16 len;
- 	__u32 tsn;
- 
-@@ -3701,6 +3702,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
- {
- 	struct sctp_chunk *chunk = arg;
- 	struct sctp_fwdtsn_hdr *fwdtsn_hdr;
 +	struct sctp_fwdtsn_skip *skip;
  	__u16 len;
  	__u32 tsn;
  
-@@ -3730,6 +3732,18 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+@@ -3658,6 +3660,18 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
  	if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
  		goto gen_shutdown;
  
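Review bot: The rebased inner patch now adds `struct sctp_fwdtsn_skip *skip;` twice inside the single `@@ -3629,6 +3629,8 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f` hunk. The old 2.6.26 hunk for `sctp_sf_eat_fwd_tsn(c` was removed, but its `+` line was left behind next to the one for the `_f…` function. Two declarations of the same local in one block are a compile error in C, so as written the CVE-2009-0065 fix would break the build instead of shipping. Either keep a single `+	struct sctp_fwdtsn_skip *skip;` and change the header to `@@ -3629,6 +3629,7 @@` (shifting the next hunk's new-side start to match), or restore a separate hunk that declares `skip` in `sctp_sf_eat_fwd_tsn`. The body of the final `+3660,18` hunk lies outside the visible lines, so confirm against the upstream commit that the added check still covers every FWD-TSN handler it was meant to.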

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1	(original)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.7etch1	Tue Jan 13 06:07:16 2009
@@ -2,3 +2,4 @@
 + bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
 + bugfix/all/enforce-minimum-SG_IO-timeout.patch
 + bugfix/mips/fix-potential-dos.patch
++ bugfix/all/sctp-avoid-memory-overflow.patch


