Author: dannf
Date: Mon Nov 13 02:41:27 2006
New Revision: 7779
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/234_atm-clip-freed-skb-deref.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
Log:
* 234_atm-clip-freed-skb-deref.diff
[SECURITY] Avoid dereferencing an already freed skb, preventing a
potential remote DoS (system crash) vector
See CVE-2006-4997
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
---
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
(original)
+++
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
Mon Nov 13 02:41:27 2006
@@ -4,8 +4,12 @@
[SECURITY] Prevent cross-region mappings on ia64 and sparc which
could be used in a local DoS attack (system crash)
See CVE-2006-4538
+ * 234_atm-clip-freed-skb-deref.diff
+ [SECURITY] Avoid dereferencing an already freed skb, preventing a
+ potential remote DoS (system crash) vector
+ See CVE-2006-4997
- -- dann frazier <[EMAIL PROTECTED]> Fri, 10 Nov 2006 15:22:03 -0700
+ -- dann frazier <[EMAIL PROTECTED]> Sun, 12 Nov 2006 18:39:22 -0700
kernel-source-2.4.27 (2.4.27-10sarge4) stable-security; urgency=high
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/234_atm-clip-freed-skb-deref.diff
==============================================================================
--- (empty file)
+++
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/234_atm-clip-freed-skb-deref.diff
Mon Nov 13 02:41:27 2006
@@ -0,0 +1,38 @@
+From: dann frazier <[EMAIL PROTECTED]>
+Date: Thu, 28 Sep 2006 00:25:27 +0000 (-0600)
+Subject: [PATCH] Backport fix for CVE-2006-4997 to 2.4 tree
+X-Git-Tag: v2.4.34-pre4
+X-Git-Url:
http://www.kernel.org/git/?p=linux/kernel/git/wtarreau/linux-2.4.git;a=commitdiff;h=e642722f285e8fd335d109c557bb90b50cc10bd5
+
+[PATCH] Backport fix for CVE-2006-4997 to 2.4 tree
+
+Backport fix for CVE-2006-4997 to 2.4 tree, compile tested.
+Original commit message follows.
+
+[ATM] CLIP: Do not refer freed skbuff in clip_mkip().
+
+In clip_mkip(), skb->dev is dereferenced after clip_push(),
+which frees up skb.
+
+Advisory: AD_LAB-06009 (<[EMAIL PROTECTED]>).
+
+Original patch by YOSHIFUJI Hideaki.
+
+Signed-off-by: dann frazier <[EMAIL PROTECTED]>
+Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
+---
+
+--- a/net/atm/clip.c
++++ b/net/atm/clip.c
+@@ -489,9 +489,11 @@ static int clip_mkip(struct atm_vcc *vcc
+ else {
+ unsigned int len = skb->len;
+
++ skb_get(skb);
+ clip_push(vcc,skb);
+ PRIV(skb->dev)->stats.rx_packets--;
+ PRIV(skb->dev)->stats.rx_bytes -= len;
++ kfree_skb(skb);
+ }
+ return 0;
+ }
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
==============================================================================
---
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
(original)
+++
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge5
Mon Nov 13 02:41:27 2006
@@ -1 +1,2 @@
+ 233_ia64-sparc-cross-region-mappings.diff
++ 234_atm-clip-freed-skb-deref.diff
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
