|| ||Chris Wright <email@example.com>|
|| ||firstname.lastname@example.org, email@example.com|
|| ||Linux 184.108.40.206|
|| ||Tue, 9 May 2006 13:28:50 -0700|
We (the -stable team) are announcing the release of the 220.127.116.11
kernel. Fixes for SCTP security issues.
The diffstat and short summary of the fixes are below.
I'll also be replying to this message with a copy of the patch between
18.104.22.168 and 22.214.171.124, as it is small enough to do so.
The updated 2.6.16.y git tree can be found at:
and can be browsed at the normal kernel.org git web browser:
Makefile | 2 -
include/net/sctp/structs.h | 1
net/sctp/inqueue.c | 1
net/sctp/sm_statefuns.c | 59 +++++++++++++++++++++++++++++++++------------
net/sctp/sm_statetable.c | 10 +++----
net/sctp/ulpqueue.c | 27 +++++++++++++++++++-
6 files changed, 77 insertions(+), 23 deletions(-)
Summary of changes from v126.96.36.199 to v188.8.131.52
SCTP: Allow spillover of receive buffer to avoid deadlock. (CVE-2006-2275)
SCTP: Fix panic's when receiving fragmented SCTP control chunks. (CVE-2006-2272)
SCTP: Fix state table entries for chunks received in CLOSED state. (CVE-2006-2271)
SCTP: Prevent possible infinite recursion with multiple bundled DATA. (CVE-2006-2274)