[kernel] r5221 - in
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian: .
patches patches/series
Simon Horman
horms at costa.debian.org
Wed Jan 4 06:50:07 UTC 2006
Author: horms
Date: Wed Jan 4 06:50:02 2006
New Revision: 5221
Added:
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/mempolicy-undefined-nodes.dpatch
Modified:
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17
Log:
* mempolicy-undefined-nodes.dpatch
[SECURITY] Make sure interleave masks have at least one node set;
Local Dos
See CVE-2005-3358
From 2.6.15
Modified: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Wed Jan 4 06:50:02 2006
@@ -331,12 +331,18 @@
[SECURITY] VFS: local denial-of-service with file leases. See CVE-2005-3857
Will be in 2.6.15
+ * mempolicy-undefined-nodes.dpatch
+ [SECURITY] Make sure interleave masks have at least one node set;
+ Local Dos
+ See CVE-2005-3358
+ From 2.6.15
+
[ dann frazier ]
* mempolicy-check-mode.dpatch
[SECURITY] Input validation in sys_set_mempolicy(); local DoS.
See CAN-2005-3053
- -- Simon Horman <horms at verge.net.au> Tue, 20 Dec 2005 11:41:53 +0900
+ -- Simon Horman <horms at verge.net.au> Wed, 4 Jan 2006 15:45:34 +0900
kernel-source-2.6.8 (2.6.8-16) unstable; urgency=low
Added: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/mempolicy-undefined-nodes.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/mempolicy-undefined-nodes.dpatch Wed Jan 4 06:50:02 2006
@@ -0,0 +1,34 @@
+commit 8f493d797bc1fe470377adc9d8775845427e240e
+tree 08f4555a0064185152a51ed707e9571dbeedddc7
+parent abe842eb98c45e2b77c5868ef106616ca828a3e4
+author Andi Kleen <ak at suse.de> Tue, 03 Jan 2006 00:07:28 +0100
+committer Linus Torvalds <torvalds at g5.osdl.org> Mon, 02 Jan 2006 17:01:42 -0800
+
+ [PATCH] Make sure interleave masks have at least one node set
+
+ Otherwise a bad mem policy system call can confuse the interleaving
+ code into referencing undefined nodes.
+
+ Originally reported by Doug Chapman
+
+ I was told it's CVE-2005-3358
+ (one has to love these security people - they make everything sound important)
+
+ Signed-off-by: Andi Kleen <ak at suse.de>
+ Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+
+Backported to Debian's 2.6.8 by Horms <horms at debian.org>
+
+--- ./mm/mempolicy.c.orig 2006-01-04 13:50:45.000000000 +0900
++++ ./mm/mempolicy.c 2006-01-04 14:00:11.000000000 +0900
+@@ -210,6 +210,10 @@
+ switch (mode) {
+ case MPOL_INTERLEAVE:
+ bitmap_copy(policy->v.nodes, nodes, MAX_NUMNODES);
++ if (bitmap_weight((*nodes)->bits, MAX_NUMNODES) == 0) {
++ kmem_cache_free(policy_cache, policy);
++ return ERR_PTR(-EINVAL);
++ }
+ break;
+ case MPOL_PREFERRED:
+ policy->v.preferred_node = find_first_bit(nodes, MAX_NUMNODES);
Modified: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17
==============================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17 (original)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17 Wed Jan 4 06:50:02 2006
@@ -81,3 +81,4 @@
+ plug-names_cache-memleak.dpatch
+ net-ipv6-udp_v6_get_port-loop.dpatch
+ fs-lock-lease-log-spam.dpatch
++ mempolicy-undefined-nodes.dpatch
More information about the Kernel-svn-changes
mailing list