154323 2006-11-07 00:40 0000 Kernel: Fix ipv6 wedge via flowlabel procfs (CVE-2006-5619) 2009-07-11 11:26:18 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All Linux RESOLVED FIXED http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.18.y.git;a=commit;h=d0239f35c7ae63dbe715b1cc66e4860c2cb33154 [linux <2.6.16.31] [linux >=2.6.17 <2.6.18.2] P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org kumba@gentoo.org lcars@gentoo.org jaervosz@gentoo.org 2006-11-07 00:40:15 0000 The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. hlieberman@gentoo.org 2006-12-21 18:39:47 0000 Created an attachment (id=104553) The patch from Git. hlieberman@gentoo.org 2006-12-21 18:54:24 0000 mips-sources: Kumba, please bump to 2.6.19 or patch. systrace-sources: Lcars, please bump to 2.6.19 or patch. xen-sources: Someone on the Xen herd, please bump to 2.6.19 or patch. aross@gentoo.org 2007-01-27 06:03:25 0000 Thanks, this is fixed in xen-sources-2.6.16.28-r2, which will hit the tree in a few hours (just waiting for the mirrors to update before I commit the ebuild). hlieberman@gentoo.org 2007-05-21 23:19:28 0000 . 104553 2006-12-21 18:39 0000 The patch from Git. this text/plain RnJvbTogSGVpa28gQ2Fyc3RlbnMgPGhlaWtvLmNhcnN0ZW5zQGRlLmlibS5jb20+CkRhdGU6IE1v biwgMzAgT2N0IDIwMDYgMjM6MDY6MTIgKzAwMDAgKC0wODAwKQpTdWJqZWN0OiBbTkVUXTogZml4 IHVhY2Nlc3MgaGFuZGxpbmcKWC1HaXQtVGFnOiB2Mi42LjE5LXJjNApYLUdpdC1Vcmw6IGh0dHA6 Ly93d3cua2VybmVsLm9yZy9naXQvP3A9bGludXgva2VybmVsL2dpdC90b3J2YWxkcy9saW51eC0y LjYuZ2l0O2E9Y29tbWl0ZGlmZjtoPWEyN2I1OGZlZDkwY2M1NjU0ZTJkYWYxZDI5MmNjNWJjNjFi ZTRkZDcKCltORVRdOiBmaXggdWFjY2VzcyBoYW5kbGluZwoKU2lnbmVkLW9mZi1ieTogSGVpa28g Q2Fyc3RlbnMgPGhlaWtvLmNhcnN0ZW5zQGRlLmlibS5jb20+ClNpZ25lZC1vZmYtYnk6IERhdmlk IFMuIE1pbGxlciA8ZGF2ZW1AZGF2ZW1sb2Z0Lm5ldD4KLS0tCgotLS0gYS9uZXQvaXB2NC9yYXcu YworKysgYi9uZXQvaXB2NC9yYXcuYwpAQCAtMzI5LDcgKzMyOSw3IEBAIGVycm9yOgogCXJldHVy biBlcnI7IAogfQogCi1zdGF0aWMgdm9pZCByYXdfcHJvYmVfcHJvdG9fb3B0KHN0cnVjdCBmbG93 aSAqZmwsIHN0cnVjdCBtc2doZHIgKm1zZykKK3N0YXRpYyBpbnQgcmF3X3Byb2JlX3Byb3RvX29w dChzdHJ1Y3QgZmxvd2kgKmZsLCBzdHJ1Y3QgbXNnaGRyICptc2cpCiB7CiAJc3RydWN0IGlvdmVj ICppb3Y7CiAJdTggX191c2VyICp0eXBlID0gTlVMTDsKQEAgLTMzOCw3ICszMzgsNyBAQCBzdGF0 aWMgdm9pZCByYXdfcHJvYmVfcHJvdG9fb3B0KHN0cnVjdCBmCiAJdW5zaWduZWQgaW50IGk7CiAK IAlpZiAoIW1zZy0+bXNnX2lvdikKLQkJcmV0dXJuOworCQlyZXR1cm4gMDsKIAogCWZvciAoaSA9 IDA7IGkgPCBtc2ctPm1zZ19pb3ZsZW47IGkrKykgewogCQlpb3YgPSAmbXNnLT5tc2dfaW92W2ld OwpAQCAtMzYwLDggKzM2MCw5IEBAIHN0YXRpYyB2b2lkIHJhd19wcm9iZV9wcm90b19vcHQoc3Ry dWN0IGYKIAkJCQljb2RlID0gaW92LT5pb3ZfYmFzZTsKIAogCQkJaWYgKHR5cGUgJiYgY29kZSkg ewotCQkJCWdldF91c2VyKGZsLT5mbF9pY21wX3R5cGUsIHR5cGUpOwotCQkJICAgICAgICBnZXRf dXNlcihmbC0+ZmxfaWNtcF9jb2RlLCBjb2RlKTsKKwkJCQlpZiAoZ2V0X3VzZXIoZmwtPmZsX2lj bXBfdHlwZSwgdHlwZSkgfHwKKwkJCQkgICAgZ2V0X3VzZXIoZmwtPmZsX2ljbXBfY29kZSwgY29k ZSkpCisJCQkJCXJldHVybiAtRUZBVUxUOwogCQkJCXByb2JlZCA9IDE7CiAJCQl9CiAJCQlicmVh azsKQEAgLTM3Miw2ICszNzMsNyBAQCBzdGF0aWMgdm9pZCByYXdfcHJvYmVfcHJvdG9fb3B0KHN0 cnVjdCBmCiAJCWlmIChwcm9iZWQpCiAJCQlicmVhazsKIAl9CisJcmV0dXJuIDA7CiB9CiAKIHN0 YXRpYyBpbnQgcmF3X3NlbmRtc2coc3RydWN0IGtpb2NiICppb2NiLCBzdHJ1Y3Qgc29jayAqc2ss IHN0cnVjdCBtc2doZHIgKm1zZywKQEAgLTQ4MCw4ICs0ODIsMTEgQEAgc3RhdGljIGludCByYXdf c2VuZG1zZyhzdHJ1Y3Qga2lvY2IgKmlvYwogCQkJCSAgICAucHJvdG8gPSBpbmV0LT5oZHJpbmNs ID8gSVBQUk9UT19SQVcgOgogCQkJCQkgICAgCQkgICAgIHNrLT5za19wcm90b2NvbCwKIAkJCQkg IH07Ci0JCWlmICghaW5ldC0+aGRyaW5jbCkKLQkJCXJhd19wcm9iZV9wcm90b19vcHQoJmZsLCBt c2cpOworCQlpZiAoIWluZXQtPmhkcmluY2wpIHsKKwkJCWVyciA9IHJhd19wcm9iZV9wcm90b19v cHQoJmZsLCBtc2cpOworCQkJaWYgKGVycikKKwkJCQlnb3RvIGRvbmU7CisJCX0KIAogCQlzZWN1 cml0eV9za19jbGFzc2lmeV9mbG93KHNrLCAmZmwpOwogCQllcnIgPSBpcF9yb3V0ZV9vdXRwdXRf ZmxvdygmcnQsICZmbCwgc2ssICEobXNnLT5tc2dfZmxhZ3MmTVNHX0RPTlRXQUlUKSk7Ci0tLSBh L25ldC9pcHY2L3Jhdy5jCisrKyBiL25ldC9pcHY2L3Jhdy5jCkBAIC02MDQsNyArNjA0LDcgQEAg ZXJyb3I6CiAJcmV0dXJuIGVycjsgCiB9CiAKLXN0YXRpYyB2b2lkIHJhd3Y2X3Byb2JlX3Byb3Rv X29wdChzdHJ1Y3QgZmxvd2kgKmZsLCBzdHJ1Y3QgbXNnaGRyICptc2cpCitzdGF0aWMgaW50IHJh d3Y2X3Byb2JlX3Byb3RvX29wdChzdHJ1Y3QgZmxvd2kgKmZsLCBzdHJ1Y3QgbXNnaGRyICptc2cp CiB7CiAJc3RydWN0IGlvdmVjICppb3Y7CiAJdTggX191c2VyICp0eXBlID0gTlVMTDsKQEAgLTYx Niw3ICs2MTYsNyBAQCBzdGF0aWMgdm9pZCByYXd2Nl9wcm9iZV9wcm90b19vcHQoc3RydWN0CiAJ aW50IGk7CiAKIAlpZiAoIW1zZy0+bXNnX2lvdikKLQkJcmV0dXJuOworCQlyZXR1cm4gMDsKIAog CWZvciAoaSA9IDA7IGkgPCBtc2ctPm1zZ19pb3ZsZW47IGkrKykgewogCQlpb3YgPSAmbXNnLT5t c2dfaW92W2ldOwpAQCAtNjM4LDggKzYzOCw5IEBAIHN0YXRpYyB2b2lkIHJhd3Y2X3Byb2JlX3By b3RvX29wdChzdHJ1Y3QKIAkJCQljb2RlID0gaW92LT5pb3ZfYmFzZTsKIAogCQkJaWYgKHR5cGUg JiYgY29kZSkgewotCQkJCWdldF91c2VyKGZsLT5mbF9pY21wX3R5cGUsIHR5cGUpOwotCQkJCWdl dF91c2VyKGZsLT5mbF9pY21wX2NvZGUsIGNvZGUpOworCQkJCWlmIChnZXRfdXNlcihmbC0+Zmxf aWNtcF90eXBlLCB0eXBlKSB8fAorCQkJCSAgICBnZXRfdXNlcihmbC0+ZmxfaWNtcF9jb2RlLCBj b2RlKSkKKwkJCQkJcmV0dXJuIC1FRkFVTFQ7CiAJCQkJcHJvYmVkID0gMTsKIAkJCX0KIAkJCWJy ZWFrOwpAQCAtNjUwLDcgKzY1MSw4IEBAIHN0YXRpYyB2b2lkIHJhd3Y2X3Byb2JlX3Byb3RvX29w dChzdHJ1Y3QKIAkJCS8qIGNoZWNrIGlmIHR5cGUgZmllbGQgaXMgcmVhZGFibGUgb3Igbm90LiAq LwogCQkJaWYgKGlvdi0+aW92X2xlbiA+IDIgLSBsZW4pIHsKIAkJCQl1OCBfX3VzZXIgKnAgPSBp b3YtPmlvdl9iYXNlOwotCQkJCWdldF91c2VyKGZsLT5mbF9taF90eXBlLCAmcFsyIC0gbGVuXSk7 CisJCQkJaWYgKGdldF91c2VyKGZsLT5mbF9taF90eXBlLCAmcFsyIC0gbGVuXSkpCisJCQkJCXJl dHVybiAtRUZBVUxUOwogCQkJCXByb2JlZCA9IDE7CiAJCQl9IGVsc2UKIAkJCQlsZW4gKz0gaW92 LT5pb3ZfbGVuOwpAQCAtNjY0LDYgKzY2Niw3IEBAIHN0YXRpYyB2b2lkIHJhd3Y2X3Byb2JlX3By b3RvX29wdChzdHJ1Y3QKIAkJaWYgKHByb2JlZCkKIAkJCWJyZWFrOwogCX0KKwlyZXR1cm4gMDsK IH0KIAogc3RhdGljIGludCByYXd2Nl9zZW5kbXNnKHN0cnVjdCBraW9jYiAqaW9jYiwgc3RydWN0 IHNvY2sgKnNrLApAQCAtNzg3LDcgKzc5MCw5IEBAIHN0YXRpYyBpbnQgcmF3djZfc2VuZG1zZyhz dHJ1Y3Qga2lvY2IgKmkKIAlvcHQgPSBpcHY2X2ZpeHVwX29wdGlvbnMoJm9wdF9zcGFjZSwgb3B0 KTsKIAogCWZsLnByb3RvID0gcHJvdG87Ci0JcmF3djZfcHJvYmVfcHJvdG9fb3B0KCZmbCwgbXNn KTsKKwllcnIgPSByYXd2Nl9wcm9iZV9wcm90b19vcHQoJmZsLCBtc2cpOworCWlmIChlcnIpCisJ CWdvdG8gb3V0OwogIAogCWlwdjZfYWRkcl9jb3B5KCZmbC5mbDZfZHN0LCBkYWRkcik7CiAJaWYg KGlwdjZfYWRkcl9hbnkoJmZsLmZsNl9zcmMpICYmICFpcHY2X2FkZHJfYW55KCZucC0+c2FkZHIp KQotLS0gYS9uZXQvbmV0bGluay9hZl9uZXRsaW5rLmMKKysrIGIvbmV0L25ldGxpbmsvYWZfbmV0 bGluay5jCkBAIC0xMDc1LDggKzEwNzUsOSBAQCBzdGF0aWMgaW50IG5ldGxpbmtfZ2V0c29ja29w dChzdHJ1Y3Qgc29jCiAJCQlyZXR1cm4gLUVJTlZBTDsKIAkJbGVuID0gc2l6ZW9mKGludCk7CiAJ CXZhbCA9IG5say0+ZmxhZ3MgJiBORVRMSU5LX1JFQ1ZfUEtUSU5GTyA/IDEgOiAwOwotCQlwdXRf dXNlcihsZW4sIG9wdGxlbik7Ci0JCXB1dF91c2VyKHZhbCwgb3B0dmFsKTsKKwkJaWYgKHB1dF91 c2VyKGxlbiwgb3B0bGVuKSB8fAorCQkgICAgcHV0X3VzZXIodmFsLCBvcHR2YWwpKQorCQkJcmV0 dXJuIC1FRkFVTFQ7CiAJCWVyciA9IDA7CiAJCWJyZWFrOwogCWRlZmF1bHQ6Cg==