[Acked] [CVE-2013-6405][Lucid][PATCH 0/2] inet: prevent leakage of uninitialized memory to user in recv syscalls
Andy Whitcroft
apw at canonical.com
Thu Dec 12 11:06:59 UTC 2013
On Wed, Dec 11, 2013 at 02:16:22PM +0000, Luis Henriques wrote:
> Following this email there are two backports to Lucid of the following
> commits, which fix CVE-2013-6405:
>
> bceaa90 inet: prevent leakage of uninitialized memory to user in recv syscalls
> 85fbaa7 inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
>
> The first commit actually fixes the CVE; the second one fixes an issue
> introduced by the first one (which breaks applications such as
> traceroute).
>
> These backports were based on David Miller's backports to the stable
> 3.2 kernel (http://thread.gmane.org/gmane.linux.kernel.stable/72025).
>
> Hannes Frederic Sowa (2):
> inet: prevent leakage of uninitialized memory to user in recv syscalls
> inet: fix addr_len/msg->msg_namelen assignment in recv_error and
> rxpmtu functions
>
> include/net/ip.h | 2 +-
> include/net/ipv6.h | 3 ++-
> net/ipv4/ip_sockglue.c | 3 ++-
> net/ipv4/raw.c | 6 ++----
> net/ipv4/udp.c | 9 ++-------
> net/ipv6/datagram.c | 3 ++-
> net/ipv6/raw.c | 6 ++----
> net/ipv6/udp.c | 7 ++-----
> net/phonet/datagram.c | 9 ++++-----
> 9 files changed, 19 insertions(+), 29 deletions(-)
Looks to cover the claimed parts. Based on maintainer backports.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list