From b6b5f47a14aca272a3b33cb161bc6b96a760cd5a Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Thu, 2 Apr 2015 16:46:55 -0400 Subject: [PATCH] Linux v4.0-rc6-101-g0a4812798fae --- ...-t-reduce-hop-limit-for-an-interface.patch | 46 ------------------- kernel.spec | 11 ++--- sources | 2 +- 3 files changed, 5 insertions(+), 54 deletions(-) delete mode 100644 ipv6-Don-t-reduce-hop-limit-for-an-interface.patch diff --git a/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch b/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch deleted file mode 100644 index 9b9448681..000000000 --- a/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: "D.S. Ljungmark" -Date: Wed, 25 Mar 2015 09:28:15 +0100 -Subject: [PATCH] ipv6: Don't reduce hop limit for an interface - -A local route may have a lower hop_limit set than global routes do. - -RFC 3756, Section 4.2.7, "Parameter Spoofing" - -> 1. The attacker includes a Current Hop Limit of one or another small -> number which the attacker knows will cause legitimate packets to -> be dropped before they reach their destination. - -> As an example, one possible approach to mitigate this threat is to -> ignore very small hop limits. The nodes could implement a -> configurable minimum hop limit, and ignore attempts to set it below -> said limit. - -Signed-off-by: D.S. Ljungmark -Acked-by: Hannes Frederic Sowa ---- - net/ipv6/ndisc.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c -index 471ed24aabae..14ecdaf06bf7 100644 ---- a/net/ipv6/ndisc.c -+++ b/net/ipv6/ndisc.c -@@ -1218,7 +1218,14 @@ static void ndisc_router_discovery(struct sk_buff *skb) - if (rt) - rt6_set_expires(rt, jiffies + (HZ * lifetime)); - if (ra_msg->icmph.icmp6_hop_limit) { -- in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; -+ /* Only set hop_limit on the interface if it is higher than -+ * the current hop_limit. -+ */ -+ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) { -+ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; -+ } else { -+ ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n"); -+ } - if (rt) - dst_metric_set(&rt->dst, RTAX_HOPLIMIT, - ra_msg->icmph.icmp6_hop_limit); --- -2.1.0 - diff --git a/kernel.spec b/kernel.spec index 8ef760032..7dfc2bf28 100644 --- a/kernel.spec +++ b/kernel.spec @@ -68,7 +68,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 6 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -634,9 +634,6 @@ Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch #CVE-2015-2150 rhbz 1196266 1200397 Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch -#CVE-2015-XXXX rhbz 1203712 1208491 -Patch26177: ipv6-Don-t-reduce-hop-limit-for-an-interface.patch - # END OF PATCH DEFINITIONS %endif @@ -1382,9 +1379,6 @@ ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch #CVE-2015-2150 rhbz 1196266 1200397 ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch -#CVE-2015-XXXX rhbz 1203712 1208491 -ApplyPatch ipv6-Don-t-reduce-hop-limit-for-an-interface.patch - # END OF PATCH APPLICATIONS %endif @@ -2235,6 +2229,9 @@ fi # # %changelog +* Thu Apr 02 2015 Josh Boyer - 4.0.0-0.rc6.git2.1 +- Linux v4.0-rc6-101-g0a4812798fae + * Thu Apr 02 2015 Josh Boyer - DoS against IPv6 stacks due to improper handling of RA (rhbz 1203712 1208491) diff --git a/sources b/sources index c8ae3cbc9..54c68312a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ bec0aeeacab2852d9a17ccbfa7e280f8 linux-4.0-rc6.tar.xz 260f7a6cccde97c91b2e79eb93049820 perf-man-4.0-rc6.tar.gz -1254e2b5f72b55b8df6fc4a4caae2ff1 patch-4.0-rc6-git1.xz +9c5164f5f19edaf4c78df0b2e7e4a047 patch-4.0-rc6-git2.xz