[kernel] r17611 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Jun 6 03:01:27 UTC 2011
Author: dannf
Date: Mon Jun 6 03:01:26 2011
New Revision: 17611
Log:
gre: fix netns vs proto registration ordering (CVE-2011-1767)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Jun 6 01:26:55 2011 (r17610)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Jun 6 03:01:26 2011 (r17611)
@@ -39,6 +39,7 @@
* agp: fix OOM and buffer overflow (CVE-2011-1746)
* can: Add missing socket check in can/raw release (CVE-2011-1748)
* [arm] 6891/1: prevent heap corruption in OABI semtimedop (CVE-2011-1759)
+ * gre: fix netns vs proto registration ordering (CVE-2011-1767)
[ Ben Hutchings ]
* [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch Mon Jun 6 03:01:26 2011 (r17611)
@@ -0,0 +1,49 @@
+commit c2892f02712e9516d72841d5c019ed6916329794
+Author: Alexey Dobriyan <adobriyan at gmail.com>
+Date: Tue Feb 16 07:57:44 2010 +0000
+
+ gre: fix netns vs proto registration ordering
+
+ GRE protocol receive hook can be called right after protocol addition is done.
+ If netns stuff is not yet initialized, we're going to oops in
+ net_generic().
+
+ This is remotely oopsable if ip_gre is compiled as module and packet
+ comes at unfortunate moment of module loading.
+
+ Signed-off-by: Alexey Dobriyan <adobriyan at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+ [dannf: backported to Debian's 2.6.26]
+
+diff -urpN linux-source-2.6.26.orig/net/ipv4/ip_gre.c linux-source-2.6.26/net/ipv4/ip_gre.c
+--- linux-source-2.6.26.orig/net/ipv4/ip_gre.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/ipv4/ip_gre.c 2011-06-05 19:39:48.411064447 -0600
+@@ -1235,16 +1235,22 @@ static int __init ipgre_init(void)
+
+ printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+
+- if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+- printk(KERN_INFO "ipgre init: can't add protocol\n");
+- return -EAGAIN;
+- }
+-
+ err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
+ if (err < 0)
+- inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
++ return err;
+
++ err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE);
++ if (err < 0) {
++ printk(KERN_INFO "ipgre init: can't add protocol\n");
++ goto add_proto_failed;
++ }
++
++ out:
+ return err;
++
++ add_proto_failed:
++ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
++ goto out;
+ }
+
+ static void __exit ipgre_fini(void)
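Review bot: In the inet_add_protocol() failure path of ipgre_init(), the function now returns whatever inet_add_protocol() handed back, where the removed lines returned -EAGAIN. If that helper does not return a proper errno value, a failed module load will surface with a misleading error code; assigning `err = -EAGAIN;` before `goto add_proto_failed;` would preserve the previous behaviour. Separately, the `out:` label is reached only by fall-through or by the backward `goto out` from add_proto_failed, so the tail could simply call unregister_pernet_gen_device() and `return err;` without the extra label. The hunk's context stops at the start of ipgre_fini(), so it is worth confirming that teardown there runs in the mirror order (protocol removed before the pernet device is unregistered). The "[dannf: backported to Debian's 2.6.26]" line would also be more useful if it said what had to change relative to the upstream commit.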
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Jun 6 01:26:55 2011 (r17610)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Jun 6 03:01:26 2011 (r17611)
@@ -37,3 +37,4 @@
+ bugfix/all/agp-fix-OOM-and-buffer-overflow.patch
+ bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch
+ bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch
++ bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch