diff options
| author |   Michael Marineau <marineam@gentoo.org> | 2007-08-23 22:54:46 +0000 |
|---|---|---|
| committer | Michael Marineau <marineam@gentoo.org> | 2007-08-23 22:54:46 +0000 |
| commit | 86dfe019eb6d316a5e9a060b445b3adab40efc48 (patch) | |
| tree | 5e939a64241bc3b457be829a9e3b7cf54a475304 | |
| parent | swipe dorelease script for hardened and tweek it slightly since I don't need ... (diff) | |
| download | xen-86dfe019eb6d316a5e9a060b445b3adab40efc48.tar.gz xen-86dfe019eb6d316a5e9a060b445b3adab40efc48.tar.bz2 xen-86dfe019eb6d316a5e9a060b445b3adab40efc48.zip | |
Add a debian security patch that was missed. (Was listed in old README file but not in svn)
svn path=/patches/; revision=20
| -rw-r--r-- | trunk/2.6.18/00000_README | 2 | ||||
| -rw-r--r-- | trunk/2.6.18/30011_ipv6_setsockopt-NULL-deref.patch | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/trunk/2.6.18/00000_README b/trunk/2.6.18/00000_README index b977d3e..1446e44 100644 --- a/trunk/2.6.18/00000_README +++ b/trunk/2.6.18/00000_README @@ -70,7 +70,7 @@ Patches ipv6_getsockopt_sticky() which can be triggered by passing a len < 0. See CVE-2007-1000 -????? bugfix/ipv6_getsockopt_sticky-null-opt.patch +30011_ipv6_setsockopt-NULL-deref.patch [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead to a local DoS (oops). See CVE-2007-1388 diff --git a/trunk/2.6.18/30011_ipv6_setsockopt-NULL-deref.patch b/trunk/2.6.18/30011_ipv6_setsockopt-NULL-deref.patch new file mode 100644 index 0000000..3e2d3dc --- /dev/null +++ b/trunk/2.6.18/30011_ipv6_setsockopt-NULL-deref.patch @@ -0,0 +1,28 @@ +From: Olaf Kirch <olaf.kirch@oracle.com> +Date: Fri, 9 Mar 2007 21:55:38 +0000 (-0800) +Subject: [IPV6]: Fix for ipv6_setsockopt NULL dereference +X-Git-Tag: v2.6.21-rc4~50^2~1 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=dfee0a725bb027b749ffdd318eb48b91d564b266 + +[IPV6]: Fix for ipv6_setsockopt NULL dereference + +I came across this bug in http://bugzilla.kernel.org/show_bug.cgi?id=8155 + +Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com> +Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + +Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf@debian.org> + +--- source/net/ipv6/ipv6_sockglue.c.orig 2007-03-22 09:58:17.000000000 -0600 ++++ source/net/ipv6/ipv6_sockglue.c 2007-03-22 09:59:22.000000000 -0600 +@@ -408,7 +408,7 @@ + } + + /* routing header option needs extra check */ +- if (optname == IPV6_RTHDR && opt->srcrt) { ++ if (optname == IPV6_RTHDR && opt && opt->srcrt) { + struct ipv6_rt_hdr *rthdr = opt->srcrt; + if (rthdr->type) + goto sticky_done; |