[PATCH 00/11] [lucid/master] CVE-2010-4251 v2

Paolo Pisati paolo.pisati at canonical.com
Tue Jul 12 15:51:06 UTC 2011


On 07/12/2011 11:01 AM, Stefan Bader wrote:
> On 11.07.2011 18:14, Tim Gardner wrote:
>> On 07/11/2011 10:03 AM, Paolo Pisati wrote:
>>> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>>>
>>>> While researching these patches I stumbled across some further analysis
>>>> of this vulnerability by Eugene Teo at
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>>>> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
>>>> problem.
>>>
>>> you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
>>> account")? saw that, and is handled in another CVE in our db
>>> (CVE-2010-4805), so i wanted to issue a subsequent pull.
>>>
>>
>> Since both CVEs address the same issue, I wonder if we shouldn't just fix them
>> in the same patch set. Perhaps mark CVE-2010-4251 as a duplicate of CVE-2010-4805 ?
>>
>> rtg
> 
> If it really is the same patch fixing both, it would be possible to have both
> cves referenced there. As it sounds like they got another cve number for fixing
> the fix it sounds more like a matter of submission.
> It should work if Paolo marked the respective patches with the matching cve but
> submitted them as one review. And anything prerequisite gets the cve number of
> whatever was the first that needed it to apply...

let's do it in a single pull, shall we?

The following changes since commit 24292e1c2aa8faa18b39e090a5c41cc51626e069:

  Linux 2.6.32.42+drm33.19 (2011-07-08 06:51:06 -0600)

are available in the git repository at:
  git://kernel.ubuntu.com/ppisati/ubuntu-lucid.git master-next

Eric Dumazet (4):
      ipv6: udp: Optimise multicast reception
      ipv4: udp: Optimise multicast reception
      udp: multicast RX should increment SNMP/sk_drops counter in allocation failures CVE-2010-4251
      net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805

Zhu Yi (8):
      net: add limit for socket backlog CVE-2010-4251
      tcp: use limited socket backlog CVE-2010-4251
      udp: use limited socket backlog CVE-2010-4251
      llc: use limited socket backlog CVE-2010-4251
      sctp: use limited socket backlog CVE-2010-4251
      tipc: use limited socket backlog CVE-2010-4251
      x25: use limited socket backlog CVE-2010-4251
      net: backlog functions rename CVE-2010-4251

 include/net/sock.h       |   26 +++++++++++-
 net/core/sock.c          |   19 ++++++++-
 net/dccp/minisocks.c     |    2 +-
 net/ipv4/tcp_ipv4.c      |    6 ++-
 net/ipv4/tcp_minisocks.c |    2 +-
 net/ipv4/udp.c           |   96 ++++++++++++++++++++++++++++++++-------------
 net/ipv6/tcp_ipv6.c      |    6 ++-
 net/ipv6/udp.c           |   97 +++++++++++++++++++++++++++++++++------------
 net/llc/llc_c_ac.c       |    2 +-
 net/llc/llc_conn.c       |    3 +-
 net/sctp/input.c         |   42 +++++++++++++-------
 net/tipc/socket.c        |    6 ++-
 net/x25/x25_dev.c        |    2 +-
 13 files changed, 225 insertions(+), 84 deletions(-)

Same as the previous patch series, plus the 2010-4805 patch.

-- 
bye,
p.



