[kernel] r5044 - patch-tracking

Simon Horman horms at costa.debian.org
Mon Dec 19 10:14:25 UTC 2005


Author: horms
Date: Mon Dec 19 10:14:24 2005
New Revision: 5044

Modified:
   patch-tracking/CVE-2005-3807
   patch-tracking/CVE-2005-3857
Log:
Split out CVE-2005-3807 and CVE-2005-3857, which were originally the same
bug report and still contained a lot of duplicate information.

Add CVE-2005-3857 to 2.4.27 and 2.6.8 in SVN


Modified: patch-tracking/CVE-2005-3807
==============================================================================
--- patch-tracking/CVE-2005-3807	(original)
+++ patch-tracking/CVE-2005-3807	Mon Dec 19 10:14:24 2005
@@ -1,34 +1,22 @@
 Candidate: CVE-2005-3807
 References: 
  CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305
 Description: 
  [PATCH] VFS: Fix memory leak with file leases
  .
- http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.htm
- introduced a pretty nasty memory leak in the lease code. When freeing
- the lease, the code in locks_delete_lock() will correctly clean up
- the fasync queue, but when we return to fcntl_setlease(), the freed
- fasync entry will be reinstated.                                   
- .
- This patch ensures that we skip the call to fasync_helper() when we're
- freeing up the lease.                                                 
+ Memory leak in the VFS file lease handling in locks.c in Linux kernels
+ 2.6.10 to 2.6.15 allows local users to cause a denial of service
+ (memory exhaustion) via certain Samba activities that cause an fasync
+ entry to be re-allocated by the fcntl_setlease function after the
+ fasync queue has already 
 Notes: 
- There are two patches, one from J. Bruce Fields and
- Trond Myklebust and a subsequent one from Chris Wright. 
- They are dc15ae14e97ee9d5ed740cbb0b94996076d8b37e and
- f3a9388e4ebea57583272007311fffa26ebbb305 in  Linus' git tree.
- And they are both needed.
- .
- This was originally one file, CVE-2005-3857 refers to the printk-spamming part,
- CVE-2005-3807 to the memory leak part.
 Bugs: 
 upstream: released (2.6.14.3) 
 2.6.14: released (2.6.14-4)
-2.6.8-sarge-security: 
+2.6.8-sarge-security: N/A
 2.4.27-sarge-security: N/A
 2.4.27: N/A
-2.6.8: 
+2.6.8: N/A
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
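Review bot: the rewritten Description is cut off mid-sentence at `+ fasync queue has already`; the entry should finish the sentence (the removed text explained that locks_delete_lock() cleans up the fasync queue but fcntl_setlease() then reinstates the freed entry), otherwise the file no longer says what the bug is. The Notes field is also left empty after the split: the dropped remark that both upstream commits are needed, and the pointer to CVE-2005-3857 as the printk-spamming half, are worth keeping in a shortened form so a reader of this file alone can find the companion fix.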

Modified: patch-tracking/CVE-2005-3857
==============================================================================
--- patch-tracking/CVE-2005-3857	(original)
+++ patch-tracking/CVE-2005-3857	Mon Dec 19 10:14:24 2005
@@ -1,34 +1,22 @@
 Candidate: CVE-2005-3857 
 References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e
  CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3a9388e4ebea57583272007311fffa26ebbb305
 Description: 
- [PATCH] VFS: Fix memory leak with file leases
+ [PATCH] VFS: local denial-of-service with file leases
  .
- http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.htm
- introduced a pretty nasty memory leak in the lease code. When freeing
- the lease, the code in locks_delete_lock() will correctly clean up
- the fasync queue, but when we return to fcntl_setlease(), the freed
- fasync entry will be reinstated.                                   
- .
- This patch ensures that we skip the call to fasync_helper() when we're
- freeing up the lease.                                                 
-Notes: 
- There are two patches, one from J. Bruce Fields and
- Trond Myklebust and a subsequent one from Chris Wright. 
- They are dc15ae14e97ee9d5ed740cbb0b94996076d8b37e and
- f3a9388e4ebea57583272007311fffa26ebbb305 in  Linus' git tree.
- And they are both needed.
- .
- This was originally one file, CVE-2005-3857 refers to the printk-spamming part,
- CVE-2005-3807 to the memory leak part.
+ The time_out_leases function in locks.c for Linux kernel before 2.6.15
+ allows local users to cause a denial of service (kernel log message
+ consumption) by causing a large number of broken leases, which is
+ recorded to the log using the printk function.
+Notes:
+ Sent for inclusion in 2.4.33
 Bugs: 
-upstream: released (2.6.14.3) 
-2.6.14: released (2.6.14-4)
-2.6.8-sarge-security: 
-2.4.27-sarge-security: N/A
-2.4.27: N/A
-2.6.8: 
+upstream: released (2.6.15-rc2) needed (2.6.33)
+2.6.14: released (2.6.14+2.6.15-rc5-0experimental.1)
+2.6.8-sarge-security: pending (2.6.8-16sarge2)
+2.4.27-sarge-security: pending (2.4.27-10sarge2)
+2.4.27: pending (2.4.27-13)
+2.6.8: pending (2.6.8-17)
 2.4.19-woody-security: 
 2.4.18-woody-security: 
 2.4.17-woody-security: 
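Review bot: `+upstream: released (2.6.15-rc2) needed (2.6.33)` does not agree with the Notes line `+ Sent for inclusion in 2.4.33`; one of the two version numbers is a typo, and since the 2.6 fix is already recorded as released in 2.6.15-rc2 the outstanding target is presumably the 2.4.33 one, so the upstream line should read `needed (2.4.33)` to match. Also the retained `Candidate: CVE-2005-3857 ` context line carries a trailing space that the CVE-2005-3807 file does not have; worth trimming for consistency between the two tracking files.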


