blob: 162465c14a90026e44041bffe2f6bdf638aa0aaf (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Candidate: CVE-2010-4249
Description:
References:
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=9915672d41273f5b77f1b3c29b391ffb7732b84b
http://thread.gmane.org/gmane.linux.network/179049/focus=179051
http://www.spinics.net/lists/netdev/msg147946.html
> From Eugene Teo:
> Reproducer: http://lkml.org/lkml/2010/11/23/395
> Partial fix: http://lkml.org/lkml/2010/11/23/450
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=656756
Notes:
Note from Neil Horman in the RH bugtracker:
Note that9915672d41273f5b77f1b3c29b391ffb7732b84b is only part of the solution.
We also need bba14de98753cb6599a2dae0e520714b2153522d from net-next.
.
jmm> Looks like the following commits are needed from Linus git?
jmm> 25888e30319f8896fc656fc68643e6a078263060
jmm> 9915672d41273f5b77f1b3c29b391ffb7732b84b
jmm> bba14de98753cb6599a2dae0e520714b2153522d (from net-next)
dannf> fyi, i have the last two queued up in my tree; it has an
dannf> abi change which i need to address properly before commit.
dannf> tests show this was sufficient to avoid OOM'ing w/ the reproducer in
dannf> http://lkml.org/lkml/2010/11/23/395.
dannf> The reproducer associated with 25888e303
dannf> (https://lkml.org/lkml/2010/11/25/8) is different; and has
dannf> different symptoms (unkillable process vs. OOM) - perhaps it should
dannf> have a different CVE?
dannf>
dannf> I've added CVE-2010-af_unix-recursion to track that issue.
jmm> 2.6.32.40 is missing bba14, it was added in 2.6.32.47
Bugs:
upstream: released (2.6.38) [25888e30319f8896fc656fc68643e6a078263060, 9915672d41273f5b77f1b3c29b391ffb7732b84b, bba14de98753cb6599a2dae0e520714b2153522d]
2.6.32-upstream-stable: released (2.6.32.47)
sid: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
2.6.26-lenny-security: released (2.6.26-26lenny2) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch]
2.6.32-squeeze-security: released (2.6.32-30) [bugfix/all/af_unix-limit-unix_tot_inflight.patch, bugfix/all/scm-lower-SCM_MAX_FD.patch, bugfix/all/af_unix-limit-recursion-level.patch]
|