code looks same down to SLES 9 .. so I guess all 2.6 are affected.

Also SLES8 _rcv function looks the same, so I guess also 2.4.


This is a SLES 8 patch candidate.

ccing reporter ;)

Karsten, can you do this for all kernel versions?

There is a CVE requested for this, but it is not assigned yet, should happen tomorrow.

CVE-2008-2136

Greg, should I fix this for head too, or will we go to 2.6.25.3 soon ?

Did submit to kernel CVS:
SLES8
SLES9 SP3,SP4
SLES10 SP1,SP2 (SP2 disabled with +post-sp2)
SL102
SL103

(In reply to comment #6 from Karsten Keil)
> Greg, should I fix this for head too, or will we go to 2.6.25.3 soon ?
> 

We have already moved to 2.6.25.3 in HEAD, so it is fixed there already.

Argh, I didn't saw that cvs up did fail (temporary problem on my side), sorry for the noise.

So what's the state of this now? 

I cannot really believe that a ping of death type problem takes that long to fix.
Would the release process go faster if I posted a exploit publicly?

no, it would not go faster, it would just increase my stress levels.

But feel free to do anyway. :)

A kernel update is in the making already, just no one seems to want to hurry.

Karsten, I do not see it in the SL103 branch. DId you really commit it there?


it is in SL102, SLES10SP1, SLES10SP2 (this one is already released), 
SLES9SP4 and SLES8.

=> Only in SL103 missing.

Done, seems the local cvs issue from comment #9 also did not commit the changes to the main rep., they already were in my tree, sorry for the delay.

all done for kernel -> fixed

10.2 and 10.3 kernel updates released

released sles9 updates kernel version is: 2.6.5-7.312

This bug was mentioned / fixed in the SLERT 10 SP2 kernel, version 2.6.22.19-0.15, released Wed 23 July 2008.