Author: dannf
Date: Fri May 11 21:16:30 2007
New Revision: 8571

Added:
   dists/etch/linux-2.6/debian/patches/bugfix/ipv6-disallow-RH0-by-default.patch
      - copied, changed from r8568, 
dists/etch/linux-2.6/debian/patches/bugfix/ipv6-disallow-RH0-by-default.patch
Modified:
   dists/etch/linux-2.6/debian/changelog
   dists/etch/linux-2.6/debian/patches/series/13
Log:
Fix the previous fix for CVE-2007-2242

Modified: dists/etch/linux-2.6/debian/changelog
==============================================================================
--- dists/etch/linux-2.6/debian/changelog       (original)
+++ dists/etch/linux-2.6/debian/changelog       Fri May 11 21:16:30 2007
@@ -1,4 +1,4 @@
-linux-2.6 (2.6.18.dfsg.1-13) UNRELEASED; urgency=low
+linux-2.6 (2.6.18.dfsg.1-13) UNRELEASED; urgency=high
 
   [ Bastian Blank ]
   * [vserver] Fix overflow in network accounting. (closes: #412132)
@@ -17,6 +17,12 @@
     Fix mounting of network filesystems with VX_BINARY_MOUNT caps
     (closes: #418076)
   * Disable broken CONFIG_IP_ROUTE_MULTIPATH_CACHED setting. (closes: #418344)
+  * bugfix/ipv6-disallow-RH0-by-default.patch
+    [SECURITY] Avoid a remote DoS (network amplification between two routers)
+    by disabling type0 IPv6 route headers by default. Can be re-enabled via
+    a sysctl interface. Thanks to Vlad Yasevich for porting help.
+    This patch changes the kernel ABI.
+    See CVE-2007-2242
   * Fix an oops which potentially results in data corruption in the gdth 
driver.
     (closes: #412092)
   * bugfix/amd64-make-gart-ptes-uncacheable.patch

Copied: 
dists/etch/linux-2.6/debian/patches/bugfix/ipv6-disallow-RH0-by-default.patch 
(from r8568, 
dists/etch/linux-2.6/debian/patches/bugfix/ipv6-disallow-RH0-by-default.patch)
==============================================================================
--- 
dists/etch/linux-2.6/debian/patches/bugfix/ipv6-disallow-RH0-by-default.patch   
    (original)
+++ 
dists/etch/linux-2.6/debian/patches/bugfix/ipv6-disallow-RH0-by-default.patch   
    Fri May 11 21:16:30 2007
@@ -17,12 +17,12 @@
 Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>
 ---
 
-Backported to Debian's 2.6.18 by dann frazier with help from Vlad Yasevich
+Backported to Debian's 2.6.18 by dann frazier and Vlad Yasevich
 
-diff -urN linux-source-2.6.18.orig/Documentation/networking/ip-sysctl.txt 
linux-source-2.6.18/Documentation/networking/ip-sysctl.txt
---- linux-source-2.6.18.orig/Documentation/networking/ip-sysctl.txt    
2006-09-19 21:42:06.000000000 -0600
-+++ linux-source-2.6.18/Documentation/networking/ip-sysctl.txt 2007-05-01 
09:57:58.000000000 -0600
-@@ -775,6 +775,14 @@
+diff -urpN linux-source-2.6.18.orig/Documentation/networking/ip-sysctl.txt 
linux-source-2.6.18/Documentation/networking/ip-sysctl.txt
+--- linux-source-2.6.18.orig/Documentation/networking/ip-sysctl.txt    
2007-05-11 15:09:21.000000000 -0600
++++ linux-source-2.6.18/Documentation/networking/ip-sysctl.txt 2007-05-11 
15:10:03.000000000 -0600
+@@ -775,6 +775,14 @@ accept_redirects - BOOLEAN
        Functional default: enabled if local forwarding is disabled.
                            disabled if local forwarding is enabled.
  
@@ -37,10 +37,10 @@
  autoconf - BOOLEAN
        Autoconfigure addresses using Prefix Information in Router 
        Advertisements.
-diff -urN linux-source-2.6.18.orig/include/linux/ipv6.h 
linux-source-2.6.18/include/linux/ipv6.h
---- linux-source-2.6.18.orig/include/linux/ipv6.h      2006-09-19 
21:42:06.000000000 -0600
-+++ linux-source-2.6.18/include/linux/ipv6.h   2007-05-01 10:04:07.000000000 
-0600
-@@ -153,6 +153,7 @@
+diff -urpN linux-source-2.6.18.orig/include/linux/ipv6.h 
linux-source-2.6.18/include/linux/ipv6.h
+--- linux-source-2.6.18.orig/include/linux/ipv6.h      2007-05-11 
15:09:21.000000000 -0600
++++ linux-source-2.6.18/include/linux/ipv6.h   2007-05-11 15:10:03.000000000 
-0600
+@@ -153,6 +153,7 @@ struct ipv6_devconf {
        __s32           accept_ra_rt_info_max_plen;
  #endif
  #endif
@@ -48,7 +48,7 @@
        void            *sysctl;
  };
  
-@@ -180,6 +181,7 @@
+@@ -180,6 +181,7 @@ enum {
        DEVCONF_ACCEPT_RA_RTR_PREF,
        DEVCONF_RTR_PROBE_INTERVAL,
        DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
@@ -56,10 +56,10 @@
        DEVCONF_MAX
  };
  
-diff -urN linux-source-2.6.18.orig/include/linux/sysctl.h 
linux-source-2.6.18/include/linux/sysctl.h
---- linux-source-2.6.18.orig/include/linux/sysctl.h    2007-04-09 
10:49:30.000000000 -0600
-+++ linux-source-2.6.18/include/linux/sysctl.h 2007-05-01 08:54:28.000000000 
-0600
-@@ -553,6 +553,7 @@
+diff -urpN linux-source-2.6.18.orig/include/linux/sysctl.h 
linux-source-2.6.18/include/linux/sysctl.h
+--- linux-source-2.6.18.orig/include/linux/sysctl.h    2007-05-11 
15:09:21.000000000 -0600
++++ linux-source-2.6.18/include/linux/sysctl.h 2007-05-11 15:10:03.000000000 
-0600
+@@ -553,6 +553,7 @@ enum {
        NET_IPV6_ACCEPT_RA_RTR_PREF=20,
        NET_IPV6_RTR_PROBE_INTERVAL=21,
        NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22,
@@ -67,10 +67,10 @@
        __NET_IPV6_MAX
  };
  
-diff -urN linux-source-2.6.18.orig/net/ipv6/addrconf.c 
linux-source-2.6.18/net/ipv6/addrconf.c
---- linux-source-2.6.18.orig/net/ipv6/addrconf.c       2007-04-09 
10:49:31.000000000 -0600
-+++ linux-source-2.6.18/net/ipv6/addrconf.c    2007-05-01 09:34:40.000000000 
-0600
-@@ -173,6 +173,7 @@
+diff -urpN linux-source-2.6.18.orig/net/ipv6/addrconf.c 
linux-source-2.6.18/net/ipv6/addrconf.c
+--- linux-source-2.6.18.orig/net/ipv6/addrconf.c       2007-05-11 
15:09:21.000000000 -0600
++++ linux-source-2.6.18/net/ipv6/addrconf.c    2007-05-11 15:10:07.000000000 
-0600
+@@ -173,6 +173,7 @@ struct ipv6_devconf ipv6_devconf = {
        .accept_ra_rt_info_max_plen = 0,
  #endif
  #endif
@@ -78,7 +78,7 @@
  };
  
  static struct ipv6_devconf ipv6_devconf_dflt = {
-@@ -203,6 +204,7 @@
+@@ -203,6 +204,7 @@ static struct ipv6_devconf ipv6_devconf_
        .accept_ra_rt_info_max_plen = 0,
  #endif
  #endif
@@ -86,7 +86,7 @@
  };
  
  /* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
-@@ -3333,6 +3335,7 @@
+@@ -3333,6 +3335,7 @@ static void inline ipv6_store_devconf(st
        array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = 
cnf->accept_ra_rt_info_max_plen;
  #endif
  #endif
@@ -94,9 +94,9 @@
  }
  
  /* Maximum length of ifinfomsg attributes */
-@@ -3891,6 +3894,14 @@
-                       .child          =       
addrconf_sysctl.addrconf_proto_dir,
-               },
+@@ -3847,6 +3850,14 @@ static struct addrconf_sysctl_table
+ #endif
+ #endif
                {
 +                      .ctl_name       =       NET_IPV6_ACCEPT_SOURCE_ROUTE,
 +                      .procname       =       "accept_source_route",
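Review bot: Neither the commit log (`fixed fix for CVE-2007-2242`) nor the patch header records why the `accept_source_route` ctl_table entry moves from after the `.child = addrconf_sysctl.addrconf_proto_dir, },` entry (`@@ -3891`) to after the two `#endif`s (`@@ -3847`) in this hunk, even though that relocation is the only semantic change in the revised patch. The old placement appears to have appended the entry to a directory table rather than the per-interface variables table, which is presumably why the sysctl described in the changelog was not usable as shipped; that reasoning should be written down so the next rebase does not repeat it. A one-line addition to the patch header after the `Backported to Debian's 2.6.18 by dann frazier and Vlad Yasevich` sentence would do, e.g. `Revised: the accept_source_route ctl_table entry belongs in the per-device variables table, not after the proto directory entry.` The `static struct addrconf_sysctl_table` definition this hunk edits starts and ends outside the hunk.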
@@ -109,10 +109,10 @@
                        .ctl_name       =       0,      /* sentinel */
                }
        },
-diff -urN linux-source-2.6.18.orig/net/ipv6/exthdrs.c 
linux-source-2.6.18/net/ipv6/exthdrs.c
---- linux-source-2.6.18.orig/net/ipv6/exthdrs.c        2007-05-01 
09:43:02.000000000 -0600
-+++ linux-source-2.6.18/net/ipv6/exthdrs.c     2007-05-01 14:21:32.000000000 
-0600
-@@ -221,10 +221,24 @@
+diff -urpN linux-source-2.6.18.orig/net/ipv6/exthdrs.c 
linux-source-2.6.18/net/ipv6/exthdrs.c
+--- linux-source-2.6.18.orig/net/ipv6/exthdrs.c        2007-05-11 
15:09:21.000000000 -0600
++++ linux-source-2.6.18/net/ipv6/exthdrs.c     2007-05-11 15:10:03.000000000 
-0600
+@@ -221,10 +221,24 @@ static int ipv6_rthdr_rcv(struct sk_buff
        struct inet6_skb_parm *opt = IP6CB(skb);
        struct in6_addr *addr;
        struct in6_addr daddr;
@@ -138,7 +138,7 @@
  
        if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
            !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) 
{
-@@ -235,6 +249,12 @@
+@@ -235,6 +249,12 @@ static int ipv6_rthdr_rcv(struct sk_buff
  
        hdr = (struct ipv6_rt_hdr *) skb->h.raw;
  
@@ -151,7 +151,7 @@
        if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr) ||
            skb->pkt_type != PACKET_HOST) {
                IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
-@@ -253,12 +273,6 @@
+@@ -253,12 +273,6 @@ looped_back:
                return 1;
        }
  

Modified: dists/etch/linux-2.6/debian/patches/series/13
==============================================================================
--- dists/etch/linux-2.6/debian/patches/series/13       (original)
+++ dists/etch/linux-2.6/debian/patches/series/13       Fri May 11 21:16:30 2007
@@ -3,5 +3,6 @@
 + bugfix/fix-syscallX-uml.patch
 + bugfix/mips/tcp-checksum.patch
 + bugfix/jmicron-generic-device-conflict.patch
++ bugfix/ipv6-disallow-RH0-by-default.patch
 + bugfix/gdth_copy_cmd-oops-fix.patch
 + bugfix/amd64-make-gart-ptes-uncacheable.patch
