[kernel] r4877 - dists/sid/linux-2.6/debian dists/sid/linux-2.6/debian/patches-debian dists/sid/linux-2.6/debian/patches-debian/series patch-tracking

Simon Horman horms at costa.debian.org
Thu Nov 24 06:56:48 UTC 2005 

Author: horms
Date: Thu Nov 24 06:56:44 2005
New Revision: 4877

Added:
   dists/sid/linux-2.6/debian/patches-debian/mm-invalidate_inode_pages2-overflow.patch
   patch-tracking/mm-invalidate_inode_pages2-overflow.patch
      - copied, changed from r4876, patch-tracking/00boilerplate
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4
   patch-tracking/CVE-2005-2100
Log:
 [SECURITY] 32bit integer overflow in invalidate_inode_pages2() (local DoS)

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Thu Nov 24 06:56:44 2005
@@ -8,8 +8,10 @@
 
   [ Simon Horman ]
   * Enable MKISS globally (closes: #340215)
+  * mm-invalidate_inode_pages2-overflow.patch
+    [SECURITY] 32bit integer overflow in invalidate_inode_pages2() (local DoS)
 
- -- Simon Horman <horms at debian.org>  Tue, 22 Nov 2005 10:46:22 +0900
+ -- Simon Horman <horms at debian.org>  Thu, 24 Nov 2005 15:30:58 +0900
 
 linux-2.6 (2.6.14-3) unstable; urgency=low
 

Added: dists/sid/linux-2.6/debian/patches-debian/mm-invalidate_inode_pages2-overflow.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches-debian/mm-invalidate_inode_pages2-overflow.patch	Thu Nov 24 06:56:44 2005
@@ -0,0 +1,37 @@
+commit 479ef592f3664dd629417098c8599261c0f689ab
+tree 616270b5c79cc3ef5f1fba683f1913f4bea74f47
+parent 02b7068221eed702a37527fa2da4d63a27b3126a
+author Oleg Drokin <green at linuxhacker.ru> Wed, 23 Nov 2005 13:37:47 -0800
+committer Linus Torvalds <torvalds at g5.osdl.org> Wed, 23 Nov 2005 16:08:39 -0800
+
+    [PATCH] 32bit integer overflow in invalidate_inode_pages2()
+    
+    Fix a 32 bit integer overflow in invalidate_inode_pages2_range.
+    
+    Signed-off-by: Andrew Morton <akpm at osdl.org>
+    Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+
+diff --git a/mm/truncate.c b/mm/truncate.c
+index 29c18f6..9173ab5 100644
+--- a/mm/truncate.c
++++ b/mm/truncate.c
+@@ -282,8 +282,8 @@ int invalidate_inode_pages2_range(struct
+ 					 * Zap the rest of the file in one hit.
+ 					 */
+ 					unmap_mapping_range(mapping,
+-					    page_index << PAGE_CACHE_SHIFT,
+-					    (end - page_index + 1)
++					   (loff_t)page_index<<PAGE_CACHE_SHIFT,
++					   (loff_t)(end - page_index + 1)
+ 							<< PAGE_CACHE_SHIFT,
+ 					    0);
+ 					did_range_unmap = 1;
+@@ -292,7 +292,7 @@ int invalidate_inode_pages2_range(struct
+ 					 * Just zap this page
+ 					 */
+ 					unmap_mapping_range(mapping,
+-					  page_index << PAGE_CACHE_SHIFT,
++					  (loff_t)page_index<<PAGE_CACHE_SHIFT,
+ 					  PAGE_CACHE_SIZE, 0);
+ 				}
+ 			}

Modified: dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4
==============================================================================
--- dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4	(original)
+++ dists/sid/linux-2.6/debian/patches-debian/series/2.6.14-4	Thu Nov 24 06:56:44 2005
@@ -1,2 +1,3 @@
 + setkeys-needs-root-1.patch
 + setkeys-needs-root-2.patch
++ mm-invalidate_inode_pages2-overflow.patch

Modified: patch-tracking/CVE-2005-2100
==============================================================================
--- patch-tracking/CVE-2005-2100	(original)
+++ patch-tracking/CVE-2005-2100	Thu Nov 24 06:56:44 2005
@@ -8,15 +8,17 @@
  Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows
  local users to cause a denial of service (crash).
 Notes: 
+ horms> This is a bug in the Red Hat 4G/4G patch, and doesn't appear
+ in Upstream or Debian Kernels.
 Bugs: 
 upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
+2.6.14: N/A
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

Copied: patch-tracking/mm-invalidate_inode_pages2-overflow.patch (from r4876, patch-tracking/00boilerplate)
==============================================================================
--- patch-tracking/00boilerplate	(original)
+++ patch-tracking/mm-invalidate_inode_pages2-overflow.patch	Thu Nov 24 06:56:44 2005
@@ -1,16 +1,19 @@
-Candidate: 
-References: 
-Description: 
-Notes: 
+Candidate: needed
+References: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=479ef592f3664dd629417098c8599261c0f689ab
+Description: Fix a 32 bit integer overflow in invalidate_inode_pages2_range.
+             Local DoS
+Notes: horms> I don't see any evidence of this on 2.6.8 or 2.4.27
+              I didn't check the woody kernels, but it seems very unlikley
+              it is there.
 Bugs: 
-upstream: 
-2.6.14: 
-2.6.8-sarge-security: 
-2.4.27-sarge-security: 
-2.6.8: 
-2.4.19-woody-security: 
-2.4.18-woody-security: 
-2.4.17-woody-security: 
-2.4.16-woody-security: 
-2.4.17-woody-security-hppa: 
-2.4.17-woody-security-ia64: 
+upstream: pending (2.6.15-rc3)
+2.6.14: pending (2.6.14-4)
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.8: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A

More information about the Kernel-svn-changes mailing list