[kernel] r5475 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Dann Frazier dannf at costa.debian.org
Mon Jan 16 23:02:37 UTC 2006 

Author: dannf
Date: Mon Jan 16 23:02:36 2006
New Revision: 5475

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/202_sysctl-buffer-overflow.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
Log:
  [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO;
* [SECURITY] Fix a potential overflow in sysctl buffer termination code.
  202_sysctl-buffer-overflow.diff

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Mon Jan 16 23:02:36 2006
@@ -15,7 +15,7 @@
       184_arch-x86_64-ia32-ptrace32-oops.diff, included in 2.4.27-10sarge1
 
   * Errata for 2.4.27-8
-    [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO; 
+    [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO;
     Local privelage escalation. See CVE-2006-0096
     This was incorrectly annotated in 2.4.27-8 as an overflow
     discovered using coverty, which is actually CVE-2004-2607
@@ -90,7 +90,10 @@
     a local DoS (crash).  See CVE-2005-3783
     199_ptrace-fix_self-attach_rule.diff
 
- -- dann frazier <dannf at debian.org>  Sun,  8 Jan 2006 14:07:11 -0700
+  * [SECURITY] Fix a potential overflow in sysctl buffer termination code.
+    202_sysctl-buffer-overflow.diff
+
+ -- dann frazier <dannf at debian.org>  Mon, 16 Jan 2006 15:59:44 -0700
 
 kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high
 

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/202_sysctl-buffer-overflow.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/202_sysctl-buffer-overflow.diff	Mon Jan 16 23:02:36 2006
@@ -0,0 +1,18 @@
+--- kernel-source-2.4.27/kernel/sysctl.c.orig	2004-08-07 17:26:06.000000000 -0600
++++ kernel-source-2.4.27/kernel/sysctl.c	2006-01-16 15:56:36.000000000 -0700
+@@ -1348,14 +1348,12 @@
+ 		if (get_user(len, oldlenp))
+ 			return -EFAULT;
+ 		if (len) {
+-			l = strlen(table->data);
++			l = strlen(table->data)+1;
+ 			if (len > l) len = l;
+ 			if (len >= table->maxlen)
+ 				len = table->maxlen;
+ 			if(copy_to_user(oldval, table->data, len))
+ 				return -EFAULT;
+-			if(put_user(0, ((char *) oldval) + len))
+-				return -EFAULT;
+ 			if(put_user(len, oldlenp))
+ 				return -EFAULT;
+ 		}

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	Mon Jan 16 23:02:36 2006
@@ -15,3 +15,4 @@
 + 199_net-ipv6-flowlabel-refcnt.diff
 + 200_net_sdla_xfer_leak.diff
 + 201_ptrace-fix_self-attach_rule.diff
++ 202_sysctl-buffer-overflow.diff

More information about the Kernel-svn-changes mailing list