Bug#779201: kfreebsd-{8,9}: CVE-2015-1414: DoS via IGMP packet

[Christoph Egger]

Hi!

I would like to upload to stable security for this kernel crash / DoS
vulnerability. Patch for -8 is below, -9 is the same modulo version
numbers.

Steven Chamberlain <ste...@pyro.eu.org> writes:
> A remote DoS was reported in FreeBSD's IGMP packet handling:
> https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
>
> This affects all our kfreebsd-8, -9, -10 and -11 packages.
>
> I don't know yet if this can be exploited over the public Internet
> or only on a local network segment.
>
> As a mitigation, the PF firewall can probably be configured to block
> 'proto igmp' packets before the kernel processes them.  

  Christoph

diff -Nru kfreebsd-9-9.0/debian/changelog kfreebsd-9-9.0/debian/changelog
--- kfreebsd-9-9.0/debian/changelog     2015-02-25 13:44:41.000000000 +0100
+++ kfreebsd-9-9.0/debian/changelog     2015-02-25 14:13:10.000000000 +0100
@@ -1,3 +1,9 @@
+kfreebsd-9 (9.0-10+deb70.9) wheezy-security; urgency=medium
+
+  * Upstream patch for FreeBSD-SA-15:04.igmp / CVE-2015-1414 (Closes: #779201)
+
+ -- Christoph Egger <christ...@debian.org>  Wed, 25 Feb 2015 14:08:57 +0100
+
 kfreebsd-9 (9.0-10+deb70.8) wheezy-security; urgency=high
 
   * Team upload.
diff -Nru kfreebsd-9-9.0/debian/patches/series 
kfreebsd-9-9.0/debian/patches/series
--- kfreebsd-9-9.0/debian/patches/series        2015-02-25 13:44:41.000000000 
+0100
+++ kfreebsd-9-9.0/debian/patches/series        2015-02-25 14:01:55.000000000 
+0100
@@ -59,3 +59,4 @@
 950_no_stack_protector.diff
 999_config.diff
 999_firmware.diff
+svn279263-FreeBSD-SA-15:04.igmp
diff -Nru kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp 
kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp
--- kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp       
1970-01-01 01:00:00.000000000 +0100
+++ kfreebsd-9-9.0/debian/patches/svn279263-FreeBSD-SA-15:04.igmp       
2015-02-25 14:05:17.000000000 +0100
@@ -0,0 +1,15 @@
+Index: 9/sys/netinet/igmp.c
+===================================================================
+--- 9/sys/netinet/igmp.c       (revision 279262)
++++ 9/sys/netinet/igmp.c       (revision 279263)
+@@ -1533,8 +1533,8 @@
+               case IGMP_VERSION_3: {
+                               struct igmpv3 *igmpv3;
+                               uint16_t igmpv3len;
+-                              uint16_t srclen;
+-                              int nsrc;
++                              uint16_t nsrc;
++                              int srclen;
+ 
+                               IGMPSTAT_INC(igps_rcv_v3_queries);
+                               igmpv3 = (struct igmpv3 *)igmp;

signature.asc
Description: PGP signature