diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2011-11-08 09:10:51 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2011-11-08 09:10:51 +0000 |
| commit | 2139ae806ed3c8a5f26253579e4b15447b907e10 (patch) | |
| tree | 4922ae6d9932b48624cfa494a4266afc382fa68b /retired/CVE-2010-4249 | |
| parent | f8525c88099df81c721f35e1c4f83f6149bc3f26 (diff) | |
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2541 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2010-4249')
| -rw-r--r-- | retired/CVE-2010-4249 | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/retired/CVE-2010-4249 b/retired/CVE-2010-4249 new file mode 100644 index 00000000..162465c1 --- /dev/null +++ b/retired/CVE-2010-4249 @@ -0,0 +1,42 @@ +Candidate: CVE-2010-4249 +Description: +References: + http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9915672d41273f5b77f1b3c29b391ffb7732b84b + http://thread.gmane.org/gmane.linux.network/179049/focus=179051 + http://www.spinics.net/lists/netdev/msg147946.html + > From Eugene Teo: + > Reproducer: http://lkml.org/lkml/2010/11/23/395 + > Partial fix: http://lkml.org/lkml/2010/11/23/450 + > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=656756 +Notes: + Note from Neil Horman in the RH bugtracker: + Note that9915672d41273f5b77f1b3c29b391ffb7732b84b is only part of the solution. + We also need bba14de98753cb6599a2dae0e520714b2153522d from net-next. + . + jmm> Looks like the following commits are needed from Linus git? + jmm> 25888e30319f8896fc656fc68643e6a078263060 + jmm> 9915672d41273f5b77f1b3c29b391ffb7732b84b + jmm> bba14de98753cb6599a2dae0e520714b2153522d (from net-next) + dannf> fyi, i have the last two queued up in my tree; it has an + dannf> abi change which i need to address properly before commit. + dannf> tests show this was sufficient to avoid OOM'ing w/ the reproducer in + dannf> http://lkml.org/lkml/2010/11/23/395. + dannf> The reproducer associated with 25888e303 + dannf> (https://lkml.org/lkml/2010/11/25/8) is different; and has + dannf> different symptoms (unkillable process vs. OOM) - perhaps it should + dannf> have a different CVE? + dannf> + dannf> I've added CVE-2010-af_unix-recursion to track that issue. + jmm> 2.6.32.40 is missing bba14, it was added in 2.6.32.47 +Bugs: +upstream: released (2.6.38) [25888e30319f8896fc656fc68643e6a078263060, 9915672d41273f5b77f1b3c29b391ffb7732b84b, bba14de98753cb6599a2dae0e520714b2153522d] +2.6.32-upstream-stable: released (2.6.32.47) +sid: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch] +2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch] +2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch, bugfix/all/af_unix-limit-recursion-level.patch] + + + + + + |