From patchwork Tue Jul 12 15:51:06 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [00/11,lucid/master] CVE-2010-4251 v2
From: Paolo Pisati
X-Patchwork-Id: 104405
Message-Id: <4E1C6D6A.7070308@canonical.com>
To: kernel-team@lists.ubuntu.com
Date: Tue, 12 Jul 2011 17:51:06 +0200

On 07/12/2011 11:01 AM, Stefan Bader wrote:
> On 11.07.2011 18:14, Tim Gardner wrote:
>> On 07/11/2011 10:03 AM, Paolo Pisati wrote:
>>> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>>>
>>>> While researching these patches I stumbled across some further analysis
>>>> of this vulnerability by Eugene Teo at
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>>>> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
>>>> problem.
>>>
>>> you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
>>> account")? saw that, and is handled in another CVE in our db
>>> (CVE-2010-4805), so i wanted to issue a subsequent pull.
>>>
>>
>> Since both CVEs address the same issue, I wonder if we shouldn't just fix them
>> in the same patch set. Perhaps mark CVE-2010-4251 as a duplicate of CVE-2010-4805 ?
>>
>> rtg
>
> If it really is the same patch fixing both, it would be possible to have both
> cves referenced there. As it sounds like they got another cve number for fixing
> the fix it sounds more like a matter of submission.
> It should work if Paolo marked the respective patches with the matching cve but
> submitted them as one review. And anything prerequisite gets the cve number of
> whatever was the first that needed it to apply...

let's do it in a single pull, shall we?

The following changes since commit 24292e1c2aa8faa18b39e090a5c41cc51626e069:

  Linux 2.6.32.42+drm33.19 (2011-07-08 06:51:06 -0600)

are available in the git repository at:

  git://kernel.ubuntu.com/ppisati/ubuntu-lucid.git master-next

Eric Dumazet (4):
      ipv6: udp: Optimise multicast reception
      ipv4: udp: Optimise multicast reception
      udp: multicast RX should increment SNMP/sk_drops counter in allocation failures CVE-2010-4251
      net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805

Zhu Yi (8):
      net: add limit for socket backlog CVE-2010-4251
      tcp: use limited socket backlog CVE-2010-4251
      udp: use limited socket backlog CVE-2010-4251
      llc: use limited socket backlog CVE-2010-4251
      sctp: use limited socket backlog CVE-2010-4251
      tipc: use limited socket backlog CVE-2010-4251
      x25: use limited socket backlog CVE-2010-4251
      net: backlog functions rename CVE-2010-4251

 include/net/sock.h       | 26 +++++++++++-
 net/core/sock.c          | 19 ++++++++-
 net/dccp/minisocks.c     | 2 +-
 net/ipv4/tcp_ipv4.c      | 6 ++-
 net/ipv4/tcp_minisocks.c | 2 +-
 net/ipv4/udp.c           | 96 ++++++++++++++++++++++++++++++++-------------
 net/ipv6/tcp_ipv6.c      | 6 ++-
 net/ipv6/udp.c           | 97 +++++++++++++++++++++++++++++++++------------
 net/llc/llc_c_ac.c       | 2 +-
 net/llc/llc_conn.c       | 3 +-
 net/sctp/input.c         | 42 +++++++++++++-------
 net/tipc/socket.c        | 6 ++-
 net/x25/x25_dev.c        | 2 +-
 13 files changed, 225 insertions(+), 84 deletions(-)

Same as the previous patch series, plus the 2010-4805 patch.