
Bug#255406: marked as done (kernel-source-2.4.26: Kernel crash when removing interface from wrong bridge group)



Your message dated Thu, 15 Dec 2005 01:47:15 -0800
with message-id <E1Emphj-0003gQ-Sk@spohr.debian.org>
and subject line Bug#255406: fixed in kernel-source-2.4.27 2.4.27-12
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Erich Schubert <erich@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel-source-2.4.26: Kernel crash when removing interface from wrong bridge
 group
X-Mailer: reportbug 2.61
Date: Sun, 20 Jun 2004 19:56:26 +0200
Message-Id: <20040620175626.790582340A3@wintermute.xmldesign.de>

Package: kernel-source-2.4.26
Severity: normal

Some time ago I found a kernel crash in 2.4.x and reported it to LKML.
Unfortunately I never received a reply, and I didn't see it in recent
pre-releases of the 2.4.x kernel.

To verify your system is vulnerable (need bridge support):
$ brctl addbr br0
$ brctl addbr br1
$ brctl addif br0 eth0
$ brctl delif br1 eth0
(note br1 in last line, not br0! Deleting from the wrong bridge triggers
the kernel crash.)

This is a 1:1 backport (100% copy&paste) from 2.6.5 of the fix.
Verify yourself, grab the file from 2.6.5, go to the function, copy the
code, paste it and the issue is done. Returns "einval" on invalid
requests instead of causing an inconsistency and a panic.

(fixed sometime in 2.5.x it seems; it might be worth looking at when
this was fixed - it might contain other fixes, too.)

--- net/bridge/br_if.c.2.4.21   2004-05-20 14:34:50.000000000 +0200
+++ net/bridge/br_if.c  2004-05-20 14:37:22.000000000 +0200
@@ -254,6 +254,10 @@
 int br_del_if(struct net_bridge *br, struct net_device *dev)
 {
        int retval;
+       struct net_bridge_port *p;
+
+       if ((p = dev->br_port) == NULL || p->br != br)
+               return -EINVAL;
 
        br_write_lock_bh(BR_NETPROTO_LOCK);
        write_lock(&br->lock);
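
Review bot: The new ownership test in br_del_if() (dev->br_port == NULL || p->br != br) runs before br_write_lock_bh(BR_NETPROTO_LOCK) and write_lock(&br->lock) are taken, so the port pointer it validates could change before the deletion proceeds unless callers are already serialized. Either move the test inside the locked region (dropping both locks before returning -EINVAL) or add a comment naming the lock that callers hold. In the visible lines p is used only for this test, so splitting the assignment out of the condition (p = dev->br_port; then if (p == NULL || p->br != br)) would read more clearly. The old-file label br_if.c.2.4.21 also does not match the 2.4.26 package the report is filed against, so the submission should state which tree the hunk was generated from.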


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.6
Locale: LANG=de_DE.UTF-8@euro, LC_CTYPE=de_DE.UTF-8@euro

---------------------------------------
From: Simon Horman <horms@verge.net.au>
To: 255406-close@bugs.debian.org
X-Katie: $Revision: 1.60 $
Subject: Bug#255406: fixed in kernel-source-2.4.27 2.4.27-12
Message-Id: <E1Emphj-0003gQ-Sk@spohr.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Thu, 15 Dec 2005 01:47:15 -0800

Source: kernel-source-2.4.27
Source-Version: 2.4.27-12

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:

kernel-doc-2.4.27_2.4.27-12_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-12_all.deb
kernel-patch-debian-2.4.27_2.4.27-12_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-12_all.deb
kernel-source-2.4.27_2.4.27-12.diff.gz
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-12.diff.gz
kernel-source-2.4.27_2.4.27-12.dsc
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-12.dsc
kernel-source-2.4.27_2.4.27-12_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-12_all.deb
kernel-tree-2.4.27_2.4.27-12_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-12_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 255406@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@verge.net.au> (supplier of updated kernel-source-2.4.27 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 30 Nov 2005 20:56:54 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-12
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@verge.net.au>
Description: 
 kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
 kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
 kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
 kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 252187 255406 324591 325871 328707 329354
Changes: 
 kernel-source-2.4.27 (2.4.27-12) unstable; urgency=low
 .
   [ Simon Horman ]
   * 184_arch-x86_64-ia32-ptrace32-oops.diff
     [Security, x86_64] 32 bit ltrace oops when tracing 64 bit executable
     http://lkml.org/lkml/2005/1/5/245
     http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
     See CAN-2005-2553
 .
   * 185_net-sockglue-cap.diff
     [Security] Restrict socket policy loading to CAP_NET_ADMIN.
     From 2.6.12.6
     See CAN-2005-2555.
 .
   * control
     Add build dependency on gcc-3.3 (closes: #324591)
 .
   * There was a bit of a screw up in 2.4.27-11 (by me)
     as 183_zisofs.diff was actually a copy of 182_linux-zlib-fixes.diff,
     and due to a quirk in the apply scripts, basically caused
     the zlib 182_linux-zlib-fixes.diff fixes to be reversed,
     and thus neither patch was applied. 186_linux-zlib-fixes-2.diff
     and 187_zisofs-2.diff resolve this problem. More information below.
     (closes: #325871)
 .
   * 186_linux-zlib-fixes-2.diff
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5 and 2.6.12.6
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   * 187_zisofs-2.diff
     [Security] Check input buffer size in zisofs
     From 2.6.12.5
     See CAN-2005-2457.
     What 183_zisofs.diff (incorrectly annotated as zisofs.dpatch)
     should have been.
 .
   * 188_fix-dst-leak-in-icmp_push_reply.diff
     [Maybe-Security: Can remote traffic trigger this]
     Fix DST leak in icmp_push_reply()
     From 2.6.12.6
 .
   * 189_ipv6-skb-leak.diff
      [Maybe-Security: Seems like a local DoS]
      Fix SKB leak in ip6_input_finish()
      From 2.6.12.6
 .
   * 180_fs-isofs-ignored-parameters.diff
     isofs ignores any mount parameters after iocharset, map or session.
     http://lists.debian.org/debian-kernel/2005/08/msg00581.html
 .
   * 178_fs_ext2_ext3_xattr-sharing.diff
     Included in 2.4.27-11 is CAN-2005-2801
 .
   * 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
     Included in 2.4.27-11 is CAN-2005-2872
 .
   * 190_outs-2.diff (removed 143_outs.diff):
     [SECURITY]: AMD64, allows local users to write to privileged
     IO ports via OUTS instruction
     See CAN-2005-0204
     143_outs.diff, included in 2.4.27-11 breaks the
     build as IO_BITMAP_BYTES is not defined. 190_outs-2.diff
     should resolve this problem by defining IO_BITMAP_BYTES
     (closes: #329354)
 .
   * 191_build_foo.diff
     Fix build problems that appear to be caused by recent binutils changes
     (closes: #328707)
 .
   * 192_orinoco-info-leak.diff
     [SECURITY] orinoco: Information leakage due to incorrect padding
     See CAN-2005-3180
     From 2.6.13.4
 .
   * 194_xfs-inode-race.diff
     [SECURITY] XFS: Handle inode creation race
     CAN-NOMATCH
     Links in Patch file
 .
   * 195_net-ipv6-udp_v6_get_port-loop.diff
      [SECURITY] Fix infinite loop in udp_v6_get_port().  See CVE-2005-2973
 .
   * 196_net-bridge-if_del-panic.diff
      Fix panic when non-existent bridge is deleted
      (closes: #255406)
 .
   *  197_net-plip-invalid-ioctl.diff
      Detect invalid ioctls in plip driver
      (closes: #252187)
Files: 
 2c22e5f1e9568bd5e56de47220457b75 897 devel optional kernel-source-2.4.27_2.4.27-12.dsc
 250fa245ac2ae613f9f93469ff6414a7 711050 devel optional kernel-source-2.4.27_2.4.27-12.diff.gz
 d58b7bb162c53ec6aae211d325086b0b 667962 devel optional kernel-patch-debian-2.4.27_2.4.27-12_all.deb
 05c75067afdd26136479d447c8fbd53e 2378488 doc optional kernel-doc-2.4.27_2.4.27-12_all.deb
 9f4d67baf6a6a93d2851da081734ae3d 31038516 devel optional kernel-source-2.4.27_2.4.27-12_all.deb
 b94bca9944e40801f698d7caaee0c667 25244 devel optional kernel-tree-2.4.27_2.4.27-12_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDjbBTA8ACPgVBDpcRAv+NAJ9UjRlczttuAVA56+sWLJfyPGk9kwCeKFwR
mUGjTJr2o+d0FAbcXVPLxlE=
=6uuP
-----END PGP SIGNATURE-----


