Bug 137626 - xt_sctp: fix endless loop caused by 0 chunk length (CVE-2006-3085)
Bug#: 137626
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: jaervosz@gentoo.org
Component: Kernel
URL: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21
Status Whiteboard: [linux <2.6.16.21] [linux >=2.6.17 <2.6.17.1]
Opened: 2006-06-22 11:05 0000
Fix endless loop in the SCTP match similar to those already fixed in the
SCTP conntrack helper (was CVE-2006-1527).
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
dsd: Please bump genpatches-2.6.16 to .21.
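The failure mode named in the summary, as an added userspace example (not the kernel's xt_sctp code and not part of the original report): a walker over SCTP chunk headers that advances by each chunk's length field never moves forward when that field is 0. The function name, return codes, sample packets and the MAX_STEPS cap are assumptions made for the illustration; the guard also rejects lengths 1 to 3 and lengths past the end of the buffer, which goes beyond the zero case the report names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_HDR_LEN  4u     /* type(1) + flags(1) + length(2) */
#define WALK_MALFORMED (-1)
#define WALK_STUCK     (-2)
#define MAX_STEPS      1024   /* demo only: lets the unchecked walk return */

/* Constructed samples: DATA chunk (length 8) followed by a second chunk. */
static const uint8_t good_pkt[] = { 0x00, 0x03, 0x00, 0x08, 'a', 'b', 'c', 'd',
                                    0x0e, 0x00, 0x00, 0x04 };
static const uint8_t zero_pkt[] = { 0x00, 0x03, 0x00, 0x08, 'a', 'b', 'c', 'd',
                                    0x00, 0x00, 0x00, 0x00 }; /* length = 0 */

/* Returns the number of chunks walked, or a negative WALK_* code. */
static int walk_chunks(const uint8_t *buf, size_t len, int check_length)
{
    size_t off = 0;
    int chunks = 0;

    while (off < len) {
        size_t clen;

        if (len - off < CHUNK_HDR_LEN)
            return WALK_MALFORMED;          /* truncated chunk header */
        clen = ((size_t)buf[off + 2] << 8) | buf[off + 3];  /* big-endian */

        /* The guard: a length below the header size (0 included) or past
         * the end of the buffer means the packet is invalid. */
        if (check_length && (clen < CHUNK_HDR_LEN || clen > len - off))
            return WALK_MALFORMED;
        if (++chunks > MAX_STEPS)
            return WALK_STUCK;              /* step cap hit: no progress */

        off += (clen + 3) & ~(size_t)3;     /* chunks are padded to 4 bytes */
    }
    return chunks;
}

int main(void)
{
    printf("good, checked:   %d\n", walk_chunks(good_pkt, sizeof good_pkt, 1));
    printf("zero, checked:   %d\n", walk_chunks(zero_pkt, sizeof zero_pkt, 1));
    printf("zero, unchecked: %d\n", walk_chunks(zero_pkt, sizeof zero_pkt, 0));
    return 0;
}
```

Without the step cap, the unchecked walk over the zero-length sample would spin forever at offset 8, which in packet-filtering code means a CPU stuck processing a single packet.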
Hi!
2.6.16.22 is already out in the open, although I stumbled over it by accident.
Is there an easy way to keep track of these updates? They're only on the
kernel.org frontpage for the latest series (now 2.6.17).
Cheers
Sebastian
Fixed in gentoo-sources-2.6.16-r11 / genpatches-2.6.16-23
Maintainers please bump to 2.6.16.23/2.7.17.3 preferably or
genpatches-2.6.16-13/genpatches-2.6.17-2:
ck-sources-2.6.16: marineam
ck-sources-2.6.17: marineam
hardened-sources-2.6: johnm, hardened
mips-sources-2.6.16: `Kumba
rsbac-sources-2.6: kang
sh-sources-2.6: vapier
suspend2-sources-2.6: brix
usermode-sources-2.6: dang
xbox-sources-2.6: chrb, gimli
xen-sources-2.6: chrb, agriffis
usermode-sources done for 2.6.16. There isn't a 2.6.17 yet, so it will get the
newest genpatches when it's added.
Fixed in sys-kernel/suspend2-sources-2.6.16-r10.
sys-kernel/suspend2-sources-2.6.17* is not yet in portage.
Fixed in ck-sources-2.6.16_p12-r1 and ck-sources-2.6.17_p1-r1.