
2.4.27 ABI Change for CAN-2005-0449



Hi,

I would like to advise that kernel-source-2.4.27 is
vulnerable to CAN-2005-0449 and that the fix requires
an ABI change. This is the same situation as kernel-source-2.6.8,
and the patch is almost identical.

CAN-2005-0449 is a remotely exploitable bug that allows
carefully crafted packets to cause the kernel to crash
by exploiting a race in the fragmentation handling code.

http://oss.sgi.com/archives/netdev/2005-01/msg01048.html

For reference the fix can be found at
http://linux.bkbits.net:8080/linux-2.4/cset@41f88485GhpPWpvjU0X_-6IkvMcbRA

This changes the ABI by adding an extra argument to the
ip_defrag() and ip_ct_gather_frags() exported functions.

The intention of this email is to advise the d-i team of this change
so a schedule for release can be discussed. I am happy to
omit the inclusion of the fix for CAN-2005-0449 from the
next release of kernel-source-2.4.27, and delay its inclusion
as the d-i team recommends.

At this stage, this is the only ABI change I have for kernel-source-2.4.27.
I will advise if this situation changes.

-- 
Horms


