[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

2.4.27 ABI Change for CAN-2005-0449


I would like to advise that kernel-source-2.4.27 is
vulnerable to CAN-2005-0449 and that the fix requires
an ABI change. This is the same situation as kernel-source-2.6.8,
and the patch is almost identical.

CAN-2005-0449 is a remotely exploitable bug that allows
carefully crafted packets to cause the kernel to crash
by exploting a race in the fragmentation handling code.


For reference the fix can be found at

This changes the ABI by adding an extra argument to the
ip_defrag() and ip_ct_gather_frags() exported functions.

The intention of this email is to advise the d-i team of this change
so a schedule for release can be discussed. I am happy to 
ommit the the inclusion of the fix CAN-2005-0449 from the
next release of kernel-source-2.4.27, and delay its inclusion
as the d-i team recommends.

At this stage, this is the only ABI change I have for kernel-source-2.4.27.
I will advise if this situation changes.


Reply to: