First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 78363
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 78363 depends on: Show dependency tree
Show dependency graph
Bug 78363 blocks:

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-01-17 07:03 0000 
CAN-2004-1335
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

See URL for common patches with bug 78362 and bug 74392.

------- Comment #1 From solar 2005-01-18 12:01:19 0000 ------- 
I don't think the mails are going in the inboxes of the people on kern-sec@ for
whatever reason. Or atleast when I just checked my inbox I see nothing.

------- Comment #2 From solar 2005-01-18 12:03:38 0000 ------- 
ignore last comment. They were in my spam folder for whatever reason.

------- Comment #3 From solar 2005-01-18 15:55:11 0000 ------- 
Tim/plasmaroo can you make heads/tails of exactly which patches need to be
added to 2.4.x? he has 4 patches listed.

------- Comment #4 From Tim Yamin (RETIRED) 2005-01-19 07:52:04 0000 ------- 
For this bug just the following changeset is needed (Should apply to 2.4 also):

http://linux.bkbits.net:8080/linux-2.6/gnupatch@41b76673BNGyitGqJmXlJzqgdV85yg

------- Comment #5 From Adam Mondl (RETIRED) 2005-01-21 19:12:24 0000 ------- 
Fixed in ~x86 hardened-sources-2.4.28-r4

------- Comment #6 From solar 2005-02-04 06:44:23 0000 ------- 
Thanks tim grsec-sources patch in ~arch

------- Comment #7 From Thierry Carrez (RETIRED) 2005-03-16 03:16:27 0000 ------- 
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #8 From Daniel Drake 2005-03-16 05:42:42 0000 ------- 
gentoo-dev-sources is unaffected

------- Comment #9 From Tim Yamin (RETIRED) 2005-03-29 06:12:54 0000 ------- 
`Kumba: It seems mips-sources-2.4.27, 2.4.28, 2.6.8.1 and 2.6.9 still need this
fix; anything >= 2.6.10 already includes it.

------- Comment #10 From Tim Yamin (RETIRED) 2005-04-07 05:20:10 0000 ------- 
openmosix-sources also needs patching...

------- Comment #11 From Joshua Kinard 2005-04-23 22:30:51 0000 ------- 
mips-sources fixed.

------- Comment #12 From Tim Yamin (RETIRED) 2005-08-15 15:36:44 0000 ------- 
All fixed, closing bug.
First Last Prev Next    No search results available      Search page      Enter new bug