[kernel] r12573 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Jan 14 05:27:48 UTC 2009
Author: dannf
Date: Wed Jan 14 05:27:46 2009
New Revision: 12573
Log:
* sctp: fix memory overflow
- bugfix/all/sctp-avoid-memory-overflow.patch
See CVE-2009-0065
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch (contents, props changed)
- copied, changed from r12566, /dists/sid/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/23etch2
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Wed Jan 14 05:27:46 2009
@@ -6,8 +6,11 @@
* nfs: Fix fcntl/close race
- bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
See CVE-2008-4307
+ * sctp: fix memory overflow
+ - bugfix/all/sctp-avoid-memory-overflow.patch
+ See CVE-2009-0065
- -- dann frazier <dannf at debian.org> Tue, 13 Jan 2009 22:14:02 -0700
+ -- dann frazier <dannf at debian.org> Tue, 13 Jan 2009 22:25:05 -0700
linux-2.6 (2.6.18.dfsg.1-23etch1) stable-security; urgency=high
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch (from r12566, /dists/sid/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch)
==============================================================================
--- /dists/sid/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch (original)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch Wed Jan 14 05:27:46 2009
@@ -25,28 +25,21 @@
Signed-off-by: Vlad Yasevich <vladislav.yasevich at hp.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/net/sctp/sm_statefuns.c linux-source-2.6.26/net/sctp/sm_statefuns.c
---- linux-source-2.6.26.orig/net/sctp/sm_statefuns.c 2009-01-08 16:43:13.000000000 -0700
-+++ linux-source-2.6.26/net/sctp/sm_statefuns.c 2009-01-10 10:15:32.000000000 -0700
-@@ -3641,6 +3641,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
+diff -urpN linux-source-2.6.18.orig/net/sctp/sm_statefuns.c linux-source-2.6.18/net/sctp/sm_statefuns.c
+--- linux-source-2.6.18.orig/net/sctp/sm_statefuns.c 2008-10-13 09:28:32.000000000 -0600
++++ linux-source-2.6.18/net/sctp/sm_statefuns.c 2009-01-13 22:22:46.000000000 -0700
+@@ -3466,6 +3466,8 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
{
struct sctp_chunk *chunk = arg;
struct sctp_fwdtsn_hdr *fwdtsn_hdr;
+ struct sctp_fwdtsn_skip *skip;
- __u16 len;
- __u32 tsn;
-
-@@ -3701,6 +3702,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
- {
- struct sctp_chunk *chunk = arg;
- struct sctp_fwdtsn_hdr *fwdtsn_hdr;
+ struct sctp_fwdtsn_skip *skip;
__u16 len;
__u32 tsn;
-@@ -3730,6 +3732,18 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+@@ -3495,6 +3497,18 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
goto gen_shutdown;
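Review bot: The regenerated declaration hunk for 2.6.18 (`@@ -3466,6 +3466,8 @@`, function context `sctp_sf_eat_fwd_tsn_f`) ends up with `struct sctp_fwdtsn_skip *skip;` twice once the lines between the two copies are removed, and its header grows the function by two lines. As shown, it declares `skip` twice in the same function, while the separate hunk the 2.6.26 version carried for `sctp_sf_eat_fwd_tsn(` is gone. A second declaration of the same local in one block does not compile, and the other function is left without the variable if it needs one. Suggest regenerating this as two hunks, one declaration per function, and build-testing net/sctp/sm_statefuns.c with the patch applied.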
@@ -64,4 +57,4 @@
+
sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
if (len > sizeof(struct sctp_fwdtsn_hdr))
- sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
+ sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
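Review bot: The last line pair in this hunk removes and re-adds `sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,` with no visible difference, so the change is whitespace only, in a context line of the embedded patch. Worth confirming that the new indentation matches the 2.6.18 source exactly so the patch applies without fuzz.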
Modified: dists/etch-security/linux-2.6/debian/patches/series/23etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/23etch2 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/23etch2 Wed Jan 14 05:27:46 2009
@@ -1,2 +1,3 @@
+ bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
+ bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
++ bugfix/all/sctp-avoid-memory-overflow.patch