Commits
Vasily Tarasov authored and Pavel Emelianov committed 0b38c5b7cff
[PATCH] IPv6 routing headers issue From: Thomas Graf <tgraf@redhat.com> Backport of the fix to disallow RH0 by default. The original upstream patch introduces a configuration option which breaks kABI as it extends a struct which is embeded into another public structure and is thus not acceptable as-is. Therefore the decision has been made to disallow routing header type 0 in gernal for now, a configuration option to enable certain uses again can be added later when more time for testing is available without the pressure of a security issue. Also the code is kept close to the upstream version to ease a possible backporting of Mobile IPv6 which will require receiving routing header type 2. commit 0bcbc92629044b5403719f77fb015e9005b1f504 Author: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> [IPV6]: Disallow RH0 by default. A security issue is emerging. Disallow Routing Header Type 0 by default as we have been doing for IPv4. Note: We allow RH2 by default because it is harmless. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> original patch lives in rhel5 .5 update CVE-2007-2242 http://bugzilla.openvz.org/show_bug.cgi?id=612