[kernel] r5044 - patch-tracking
Simon Horman
horms at costa.debian.org
Mon Dec 19 10:14:25 UTC 2005
Author: horms
Date: Mon Dec 19 10:14:24 2005
New Revision: 5044
Modified:
patch-tracking/CVE-2005-3807
patch-tracking/CVE-2005-3857
Log:
Split out CVE-2005-3807 and CVE-2005-3857, which were originally the same
bug report and still contained a lot of duplicate information.
Add CVE-2005-3857 to 2.4.27 and 2.6.8 in SVN
Modified: patch-tracking/CVE-2005-3807
==============================================================================
--- patch-tracking/CVE-2005-3807 (original)
+++ patch-tracking/CVE-2005-3807 Mon Dec 19 10:14:24 2005
@@ -1,34 +1,22 @@
Candidate: CVE-2005-3807
References:
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305
Description:
[PATCH] VFS: Fix memory leak with file leases
.
- http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.htm
- introduced a pretty nasty memory leak in the lease code. When freeing
- the lease, the code in locks_delete_lock() will correctly clean up
- the fasync queue, but when we return to fcntl_setlease(), the freed
- fasync entry will be reinstated.
- .
- This patch ensures that we skip the call to fasync_helper() when we're
- freeing up the lease.
+ Memory leak in the VFS file lease handling in locks.c in Linux kernels
+ 2.6.10 to 2.6.15 allows local users to cause a denial of service
+ (memory exhaustion) via certain Samba activities that cause an fasync
+ entry to be re-allocated by the fcntl_setlease function after the
+ fasync queue has already
Notes:
- There are two patches, one from J. Bruce Fields and
- Trond Myklebust and a subsequent one from Chris Wright.
- They are dc15ae14e97ee9d5ed740cbb0b94996076d8b37e and
- f3a9388e4ebea57583272007311fffa26ebbb305 in Linus' git tree.
- And they are both needed.
- .
- This was originally one file, CVE-2005-3857 refers to the printk-spamming part,
- CVE-2005-3807 to the memory leak part.
Bugs:
upstream: released (2.6.14.3)
2.6.14: released (2.6.14-4)
-2.6.8-sarge-security:
+2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.27: N/A
-2.6.8:
+2.6.8: N/A
2.4.19-woody-security:
2.4.18-woody-security:
2.4.17-woody-security:
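Review bot: The added Description text ends mid-sentence at "fasync queue has already", so the entry no longer states what had happened to the fasync queue before fcntl_setlease re-allocated the entry. The removed text says locks_delete_lock() had already cleaned the queue up, and the sentence should be completed to say so. The Notes field is also left empty, which drops the pointer that CVE-2005-3857 covers the printk part of the originally shared report; a one-line cross-reference would keep the split traceable from this file.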
Modified: patch-tracking/CVE-2005-3857
==============================================================================
--- patch-tracking/CVE-2005-3857 (original)
+++ patch-tracking/CVE-2005-3857 Mon Dec 19 10:14:24 2005
@@ -1,34 +1,22 @@
Candidate: CVE-2005-3857
References:
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305
Description:
- [PATCH] VFS: Fix memory leak with file leases
+ [PATCH] VFS: local denial-of-service with file leases
.
- http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.htm
- introduced a pretty nasty memory leak in the lease code. When freeing
- the lease, the code in locks_delete_lock() will correctly clean up
- the fasync queue, but when we return to fcntl_setlease(), the freed
- fasync entry will be reinstated.
- .
- This patch ensures that we skip the call to fasync_helper() when we're
- freeing up the lease.
-Notes:
- There are two patches, one from J. Bruce Fields and
- Trond Myklebust and a subsequent one from Chris Wright.
- They are dc15ae14e97ee9d5ed740cbb0b94996076d8b37e and
- f3a9388e4ebea57583272007311fffa26ebbb305 in Linus' git tree.
- And they are both needed.
- .
- This was originally one file, CVE-2005-3857 refers to the printk-spamming part,
- CVE-2005-3807 to the memory leak part.
+ The time_out_leases function in locks.c for Linux kernel before 2.6.15
+ allows local users to cause a denial of service (kernel log message
+ consumption) by causing a large number of broken leases, which is
+ recorded to the log using the printk function.
+Notes:
+ Sent for inclusion in 2.4.33
Bugs:
-upstream: released (2.6.14.3)
-2.6.14: released (2.6.14-4)
-2.6.8-sarge-security:
-2.4.27-sarge-security: N/A
-2.4.27: N/A
-2.6.8:
+upstream: released (2.6.15-rc2) needed (2.6.33)
+2.6.14: released (2.6.14+2.6.15-rc5-0experimental.1)
+2.6.8-sarge-security: pending (2.6.8-16sarge2)
+2.4.27-sarge-security: pending (2.4.27-10sarge2)
+2.4.27: pending (2.4.27-13)
+2.6.8: pending (2.6.8-17)
2.4.19-woody-security:
2.4.18-woody-security:
2.4.17-woody-security:
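Review bot: In the Bugs field, "upstream: released (2.6.15-rc2) needed (2.6.33)" does not agree with the new Notes line "Sent for inclusion in 2.4.33"; the second version looks like a typo for 2.4.33 and should be corrected so the tracker shows which 2.4 release still needs the fix. The three woody lines remain blank here while the sarge lines now carry a status, so an explicit status or N/A on them would make the entry unambiguous.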