debian/arch/i386/config.486-vyatta | 33 ++++-----------------------------
drivers/net/pppol2tp.c | 20 ++++++++++++--------
2 files changed, 16 insertions(+), 37 deletions(-)
New commits:
commit 2b2758facdb3f3587488b23d3100581b867715f3
Author: James Chapman <[EMAIL PROTECTED]>
Date: Tue Jun 10 12:35:00 2008 -0700
l2tp: Fix potential memory corruption in pppol2tp_recvmsg()
This patch fixes a potential memory corruption in
pppol2tp_recvmsg(). If skb->len is bigger than the caller's buffer
length, memcpy_toiovec() will go into unintialized data on the kernel
heap, interpret it as an iovec and start modifying memory.
The fix is to change the memcpy_toiovec() call to
skb_copy_datagram_iovec() so that paged packets (rare for PPPOL2TP)
are handled properly. Also check that the caller's buffer is big
enough for the data and set the MSG_TRUNC flag if it is not so.
Reported-by: Ilja <[EMAIL PROTECTED]>
Signed-off-by: James Chapman <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
commit ecbc25f3fe237ca598f676098890e69efcd27fbb
Author: Stephen Hemminger <[EMAIL PROTECTED]>
Date: Thu Jul 17 14:06:05 2008 -0700
Disable SCTP and DCCP
Avoid running into security problems from buffer overflows in these
protocols. They weren't enabled before so it is not a big loss.
See: CVE-2008-2358, CVE-2008-2826
Revert "Enable TIPC, SCTP and DCCP protocols"
This reverts commit 2947723d7b21fa3a54de84228a9e971c449611a3.
http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=2b2758facdb3f3587488b23d3100581b867715f3
http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=ecbc25f3fe237ca598f676098890e69efcd27fbb
_______________________________________________
svn mailing list
[email protected]
http://mailman.vyatta.com/mailman/listinfo/svn
