[kernel] r8372 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Sun, 18 Mar 2007 23:02:07 -0800 

Author: dannf
Date: Mon Mar 19 07:02:04 2007
New Revision: 8372

Added:
   
dists/etch-security/linux-2.6/debian/patches/bugfix/ipv6_setsockopt-NULL-deref.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/11etch1
Log:
* [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead
  to a local DoS (oops).
  See CVE-2007-1388

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog      (original)
+++ dists/etch-security/linux-2.6/debian/changelog      Mon Mar 19 07:02:04 2007
@@ -5,8 +5,11 @@
     key_alloc_serial() that could lead to a local DoS (oops).
     (closes: #398470)
     See CVE-2007-0006
+  * [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead
+    to a local DoS (oops).
+    See CVE-2007-1388
 
- -- dann frazier <[EMAIL PROTECTED]>  Fri, 16 Mar 2007 17:15:06 -0600
+ -- dann frazier <[EMAIL PROTECTED]>  Mon, 19 Mar 2007 00:52:09 -0600
 
 linux-2.6 (2.6.18.dfsg.1-11) unstable; urgency=low
 

Added: 
dists/etch-security/linux-2.6/debian/patches/bugfix/ipv6_setsockopt-NULL-deref.patch
==============================================================================
--- (empty file)
+++ 
dists/etch-security/linux-2.6/debian/patches/bugfix/ipv6_setsockopt-NULL-deref.patch
        Mon Mar 19 07:02:04 2007
@@ -0,0 +1,28 @@
+From: Olaf Kirch <[EMAIL PROTECTED]>
+Date: Fri, 9 Mar 2007 21:55:38 +0000 (-0800)
+Subject: [IPV6]: Fix for ipv6_setsockopt NULL dereference
+X-Git-Tag: v2.6.21-rc4~50^2~1
+X-Git-Url: 
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=dfee0a725bb027b749ffdd318eb48b91d564b266
+
+[IPV6]: Fix for ipv6_setsockopt NULL dereference
+
+I came across this bug in http://bugzilla.kernel.org/show_bug.cgi?id=8155
+
+Signed-off-by: Olaf Kirch <[EMAIL PROTECTED]>
+Acked-by: YOSHIFUJI Hideaki <[EMAIL PROTECTED]>
+Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
+---
+
+diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
+index 4e0561a..b82333b 100644
+--- a/net/ipv6/ipv6_sockglue.c
++++ b/net/ipv6/ipv6_sockglue.c
+@@ -413,7 +413,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, 
int optname,
+               }
+ 
+               /* routing header option needs extra check */
+-              if (optname == IPV6_RTHDR && opt->srcrt) {
++              if (optname == IPV6_RTHDR && opt && opt->srcrt) {
+                       struct ipv6_rt_hdr *rthdr = opt->srcrt;
+                       switch (rthdr->type) {
+                       case IPV6_SRCRT_TYPE_0:

Modified: dists/etch-security/linux-2.6/debian/patches/series/11etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/11etch1 (original)
+++ dists/etch-security/linux-2.6/debian/patches/series/11etch1 Mon Mar 19 
07:02:04 2007
@@ -1 +1,2 @@
 + bugfix/keys-serial-num-collision.patch
++ bugfix/ipv6_setsockopt-NULL-deref.patch

_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes

Reply via email to