[kernel] r16829 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Jan 17 19:47:03 UTC 2011
Author: dannf
Date: Mon Jan 17 19:46:59 2011
New Revision: 16829
Log:
econet: Fix crash in aun_incoming() (CVE-2010-4343)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-crash-in-aun_incoming.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Jan 17 19:41:52 2011 (r16828)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Jan 17 19:46:59 2011 (r16829)
@@ -17,6 +17,7 @@
* econet: Disable auto-loading as mitigation against local exploits. This
module has been shown to be broken, so this risk of this affecting
real users is insignificant.
+ * econet: Fix crash in aun_incoming() (CVE-2010-4343)
[ Moritz Muehlenhoff ]
* blkback/blktap/netback: Fix CVE-2010-3699
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-crash-in-aun_incoming.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-crash-in-aun_incoming.patch Mon Jan 17 19:46:59 2011 (r16829)
@@ -0,0 +1,36 @@
+commit 993a857ec1b32e3cd917020231e46bc502226960
+Author: David S. Miller <davem at davemloft.net>
+Date: Wed Dec 8 18:42:23 2010 -0800
+
+ econet: Fix crash in aun_incoming().
+
+ Unconditional use of skb->dev won't work here,
+ try to fetch the econet device via skb_dst()->dev
+ instead.
+
+ Suggested by Eric Dumazet.
+
+ Reported-by: Nelson Elhage <nelhage at ksplice.com>
+ Tested-by: Nelson Elhage <nelhage at ksplice.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+ [dannf: adjusted to apply to Debian's 2.6.26]
+
+diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
+index 70a161f..745e4c6 100644
+--- a/net/econet/af_econet.c
++++ b/net/econet/af_econet.c
+@@ -847,9 +847,13 @@ static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len)
+ {
+ struct iphdr *ip = ip_hdr(skb);
+ unsigned char stn = ntohl(ip->saddr) & 0xff;
++ struct dst_entry *dst = skb_dst(skb);
++ struct ec_device *edev = NULL;
+ struct sock *sk;
+ struct sk_buff *newskb;
+- struct ec_device *edev = skb->dev->ec_ptr;
++
++ if (dst)
++ edev = dst->dev->ec_ptr;
+
+ if (! edev)
+ goto bad;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny2 Mon Jan 17 19:41:52 2011 (r16828)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny2 Mon Jan 17 19:46:59 2011 (r16829)
@@ -14,3 +14,4 @@
+ bugfix/all/scm-lower-SCM_MAX_FD.patch
+ bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch
+ debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch
++ bugfix/all/econet-fix-crash-in-aun_incoming.patch
More information about the Kernel-svn-changes
mailing list