07-11-2011, 02:20 PM
Paolo Pisati

CVE-2010-4251 v2

All patches but 4 (ipv4: udp: Optimise multicast reception) are clean cherry-picks from upstream.
Patches 3-5 are not related to this CVE, but 6 depends on them.
Tested on a lucid qemu image: boot test plus an entire system `apt-get upgrade`.

Eric Dumazet (3):
ipv6: udp: Optimise multicast reception
ipv4: udp: Optimise multicast reception
udp: multicast RX should increment SNMP/sk_drops counter in
allocation failures CVE-2010-4251

Zhu Yi (8):
net: add limit for socket backlog CVE-2010-4251
tcp: use limited socket backlog CVE-2010-4251
udp: use limited socket backlog CVE-2010-4251
llc: use limited socket backlog CVE-2010-4251
sctp: use limited socket backlog CVE-2010-4251
tipc: use limited socket backlog CVE-2010-4251
x25: use limited socket backlog CVE-2010-4251
net: backlog functions rename CVE-2010-4251

include/net/sock.h | 17 +++++++-
net/core/sock.c | 16 +++++++-
net/dccp/minisocks.c | 2 +-
net/ipv4/tcp_ipv4.c | 6 ++-
net/ipv4/tcp_minisocks.c | 2 +-
net/ipv4/udp.c | 92 ++++++++++++++++++++++++++++++++--------------
net/ipv6/tcp_ipv6.c | 6 ++-
net/ipv6/udp.c | 89 +++++++++++++++++++++++++++++++-------------
net/llc/llc_c_ac.c | 2 +-
net/llc/llc_conn.c | 3 +-
net/sctp/input.c | 42 +++++++++++++-------
net/sctp/socket.c | 3 +
net/tipc/socket.c | 6 ++-
net/x25/x25_dev.c | 2 +-
14 files changed, 204 insertions(+), 84 deletions(-)

--
1.7.5.4


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
07-11-2011, 03:23 PM
Tim Gardner

CVE-2010-4251 v2

On 07/11/2011 08:20 AM, Paolo Pisati wrote:

> All patches but 4 (ipv4: udp: Optimise multicast reception) are clean cherry-picks from upstream.
> Patches 3-5 are not related to this CVE, but 6 depends on them.
> Tested on a lucid qemu image: boot test plus an entire system `apt-get upgrade`.
>
> Eric Dumazet (3):
> ipv6: udp: Optimise multicast reception
> ipv4: udp: Optimise multicast reception
> udp: multicast RX should increment SNMP/sk_drops counter in
> allocation failures CVE-2010-4251
>
> Zhu Yi (8):
> net: add limit for socket backlog CVE-2010-4251
> tcp: use limited socket backlog CVE-2010-4251
> udp: use limited socket backlog CVE-2010-4251
> llc: use limited socket backlog CVE-2010-4251
> sctp: use limited socket backlog CVE-2010-4251
> tipc: use limited socket backlog CVE-2010-4251
> x25: use limited socket backlog CVE-2010-4251
> net: backlog functions rename CVE-2010-4251
>
> include/net/sock.h | 17 +++++++-
> net/core/sock.c | 16 +++++++-
> net/dccp/minisocks.c | 2 +-
> net/ipv4/tcp_ipv4.c | 6 ++-
> net/ipv4/tcp_minisocks.c | 2 +-
> net/ipv4/udp.c | 92 ++++++++++++++++++++++++++++++++--------------
> net/ipv6/tcp_ipv6.c | 6 ++-
> net/ipv6/udp.c | 89 +++++++++++++++++++++++++++++++-------------
> net/llc/llc_c_ac.c | 2 +-
> net/llc/llc_conn.c | 3 +-
> net/sctp/input.c | 42 +++++++++++++-------
> net/sctp/socket.c | 3 +
> net/tipc/socket.c | 6 ++-
> net/x25/x25_dev.c | 2 +-
> 14 files changed, 204 insertions(+), 84 deletions(-)


While researching these patches I stumbled across some further analysis
of this vulnerability by Eugene Teo at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
problem.


If we're gonna wreak this level of havoc on the network layer, then we
might as well go all the way. Also, with more than 2 patches in a series
I prefer a pull request.


rtg
--
Tim Gardner tim.gardner@canonical.com

 
07-11-2011, 04:03 PM
Paolo Pisati

CVE-2010-4251 v2

On 07/11/2011 05:23 PM, Tim Gardner wrote:
>
> While researching these patches I stumbled across some further analysis
> of this vulnerability by Eugene Teo at
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
> problem.

you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
account")? saw that, and is handled in another CVE in our db
(CVE-2010-4805), so i wanted to issue a subsequent pull.

> If we're gonna wreak this level of havoc on the network layer, then we
^^^^^^^^^^^^^^^^^^^^^^^^^

and you didn't see what it takes to make it to hardy...

--
bye,
p.

 
07-11-2011, 04:14 PM
Tim Gardner

CVE-2010-4251 v2

On 07/11/2011 10:03 AM, Paolo Pisati wrote:

> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>
>> While researching these patches I stumbled across some further analysis
>> of this vulnerability by Eugene Teo at
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
>> problem.
>
> you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
> account")? saw that, and is handled in another CVE in our db
> (CVE-2010-4805), so i wanted to issue a subsequent pull.
>

Since both CVEs address the same issue, I wonder if we shouldn't just
fix them in the same patch set. Perhaps mark CVE-2010-4251 as a
duplicate of CVE-2010-4805 ?


rtg
--
Tim Gardner tim.gardner@canonical.com

 
07-12-2011, 09:01 AM
Stefan Bader

CVE-2010-4251 v2

On 11.07.2011 18:14, Tim Gardner wrote:
> On 07/11/2011 10:03 AM, Paolo Pisati wrote:
>> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>>
>>> While researching these patches I stumbled across some further analysis
>>> of this vulnerability by Eugene Teo at
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>>> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
>>> problem.
>>
>> you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
>> account")? saw that, and is handled in another CVE in our db
>> (CVE-2010-4805), so i wanted to issue a subsequent pull.
>>
>
> Since both CVEs address the same issue, I wonder if we shouldn't just fix them
> in the same patch set. Perhaps mark CVE-2010-4251 as a duplicate of CVE-2010-4805 ?
>
> rtg

If it really is the same patch fixing both, it would be possible to have both
cves referenced there. As it sounds like they got another cve number for fixing
the fix it sounds more like a matter of submission.
It should work if Paolo marked the respective patches with the matching cve but
submitted them as one review. And anything prerequisite gets the cve number of
whatever was the first that needed it to apply...

-Stefan

 
07-12-2011, 03:51 PM
Paolo Pisati

CVE-2010-4251 v2

On 07/12/2011 11:01 AM, Stefan Bader wrote:
> On 11.07.2011 18:14, Tim Gardner wrote:
>> On 07/11/2011 10:03 AM, Paolo Pisati wrote:
>>> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>>>
>>>> While researching these patches I stumbled across some further analysis
>>>> of this vulnerability by Eugene Teo at
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>>>> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
>>>> problem.
>>>
>>> you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
>>> account")? saw that, and is handled in another CVE in our db
>>> (CVE-2010-4805), so i wanted to issue a subsequent pull.
>>>
>>
>> Since both CVEs address the same issue, I wonder if we shouldn't just fix them
>> in the same patch set. Perhaps mark CVE-2010-4251 as a duplicate of CVE-2010-4805 ?
>>
>> rtg
>
> If it really is the same patch fixing both, it would be possible to have both
> cves referenced there. As it sounds like they got another cve number for fixing
> the fix it sounds more like a matter of submission.
> It should work if Paolo marked the respective patches with the matching cve but
> submitted them as one review. And anything prerequisite gets the cve number of
> whatever was the first that needed it to apply...

let's do it in a single pull, shall we?

The following changes since commit 24292e1c2aa8faa18b39e090a5c41cc51626e069:

Linux 2.6.32.42+drm33.19 (2011-07-08 06:51:06 -0600)

are available in the git repository at:
git://kernel.ubuntu.com/ppisati/ubuntu-lucid.git master-next

Eric Dumazet (4):
ipv6: udp: Optimise multicast reception
ipv4: udp: Optimise multicast reception
udp: multicast RX should increment SNMP/sk_drops counter in
allocation failures CVE-2010-4251
net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805

Zhu Yi (8):
net: add limit for socket backlog CVE-2010-4251
tcp: use limited socket backlog CVE-2010-4251
udp: use limited socket backlog CVE-2010-4251
llc: use limited socket backlog CVE-2010-4251
sctp: use limited socket backlog CVE-2010-4251
tipc: use limited socket backlog CVE-2010-4251
x25: use limited socket backlog CVE-2010-4251
net: backlog functions rename CVE-2010-4251

include/net/sock.h | 26 +++++++++++-
net/core/sock.c | 19 ++++++++-
net/dccp/minisocks.c | 2 +-
net/ipv4/tcp_ipv4.c | 6 ++-
net/ipv4/tcp_minisocks.c | 2 +-
net/ipv4/udp.c | 96 ++++++++++++++++++++++++++++++++-------------
net/ipv6/tcp_ipv6.c | 6 ++-
net/ipv6/udp.c | 97 +++++++++++++++++++++++++++++++++------------
net/llc/llc_c_ac.c | 2 +-
net/llc/llc_conn.c | 3 +-
net/sctp/input.c | 42 +++++++++++++-------
net/tipc/socket.c | 6 ++-
net/x25/x25_dev.c | 2 +-
13 files changed, 225 insertions(+), 84 deletions(-)

Same as the previous patch series, plus the 2010-4805 patch.

--
bye,
p.

 

All times are GMT.