[kernel] r6581 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series
Dann Frazier
dannf at costa.debian.org
Wed May 17 03:48:33 UTC 2006
Author: dannf
Date: Wed May 17 03:48:32 2006
New Revision: 6581
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/smbfs-chroot-escape.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
Log:
* smbfs-chroot-escape.dpatch
[SECURITY] Fix directory traversal vulnerability in smbfs that permits
local users to escape chroot restrictions
See CVE-2006-1864
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Wed May 17 03:48:32 2006
@@ -12,8 +12,12 @@
[SECURITY] Make sure maxnodes is safe size before calculating nlongs in
get_nodes() to prevent a local DoS vulnerability.
See CVE-2006-0557
+ * smbfs-chroot-escape.dpatch
+ [SECURITY] Fix directory traversal vulnerability in smbfs that permits
+ local users to escape chroot restrictions
+ See CVE-2006-1864
- -- dann frazier <dannf at debian.org> Tue, 16 May 2006 19:28:02 -0500
+ -- dann frazier <dannf at debian.org> Tue, 16 May 2006 22:46:36 -0500
kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
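Review bot: the new changelog entry names the CVE but not the user-visible behaviour change. With the accompanying dpatch, lookups of names containing a backslash on an smbfs mount now fail with -EINVAL, and an administrator reading the changelog would want to know that. Consider adding a line such as "Reject lookups of names containing '\' in fs/smbfs/dir.c" under the smbfs-chroot-escape.dpatch entry.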
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 Wed May 17 03:48:32 2006
@@ -2,3 +2,4 @@
+ net-protocol-mod-refcounts.dpatch
+ netfilter-do_replace-overflow.dpatch
+ sys_mbind-sanity-checking.dpatch
++ smbfs-chroot-escape.dpatch
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/smbfs-chroot-escape.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/smbfs-chroot-escape.dpatch Wed May 17 03:48:32 2006
@@ -0,0 +1,14 @@
+--- kernel-source-2.6.8-2.6.8/fs/smbfs/dir.c.orig 2006-03-02 20:13:02.000000000 +0100
++++ kernel-source-2.6.8-2.6.8/fs/smbfs/dir.c 2006-05-16 22:27:33.000000000 +0200
+@@ -431,6 +431,11 @@
+ if (dentry->d_name.len > SMB_MAXNAMELEN)
+ goto out;
+
++ /* Do not allow lookup of names with backslashes in */
++ error = -EINVAL;
++ if (memchr(dentry->d_name.name, '\\', dentry->d_name.len))
++ goto out;
++
+ lock_kernel();
+ error = smb_proc_getattr(dentry, &finfo);
+ #ifdef SMBFS_PARANOIA
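Review bot: the comment above the memchr() check says what is rejected but not why, and the patch file itself carries no description or CVE reference (all 14 added lines are the diff). Backslash is the SMB path separator, so a name containing it is read by the server as a multi-component path, which is the traversal the log message describes. Suggest expanding the comment to say so and adding a short header to the dpatch pointing at CVE-2006-1864, so the reason survives outside the changelog. The check itself is placed sensibly: it runs before lock_kernel() and smb_proc_getattr(), and memchr() is bounded by d_name.len, so it does not depend on the name being NUL-terminated. It only guards this lookup path, though, so it is worth confirming that no other code in dir.c builds a request from a dentry name without passing through here first.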