[kernel] r6582 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Wed May 17 03:51:37 UTC 2006 

Author: dannf
Date: Wed May 17 03:51:35 2006
New Revision: 6582

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/207_smbfs-chroot-escape.diff
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge3
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog

Log:
* 207_smbfs-chroot-escape.diff
  [SECURITY] Fix directory traversal vulnerability in smbfs that permits
  local users to escape chroot restrictions
  See CVE-2006-1864


Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Wed May 17 03:51:35 2006
@@ -1,3 +1,12 @@
+kernel-source-2.4.27 (2.4.27-10sarge3) UNRELEASED; urgency=high
+
+  * 207_smbfs-chroot-escape.diff
+    [SECURITY] Fix directory traversal vulnerability in smbfs that permits
+    local users to escape chroot restrictions
+    See CVE-2006-1864
+  
+ -- dann frazier <dannf at debian.org>  Tue, 16 May 2006 22:49:14 -0500
+
 kernel-source-2.4.27 (2.4.27-10sarge2) stable-security; urgency=high
 
   *** Note this release introduces an ABI Change for CVE-2005-2709 ***

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/207_smbfs-chroot-escape.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/207_smbfs-chroot-escape.diff	Wed May 17 03:51:35 2006
@@ -0,0 +1,14 @@
+--- kernel-source-2.4.27-2.4.27/fs/smbfs/dir.c.orig	2006-05-16 22:33:21.000000000 +0200
++++ kernel-source-2.4.27-2.4.27/fs/smbfs/dir.c	2006-05-16 22:34:42.000000000 +0200
+@@ -416,6 +416,11 @@
+ 	if (dentry->d_name.len > SMB_MAXNAMELEN)
+ 		goto out;
+ 
++        /*Do not allow lookup of names with backslashes in */
++        error = -EINVAL;
++        if (memchr(dentry->d_name.name, '\\', dentry->d_name.len))
++                goto out;
++
+ 	error = smb_proc_getattr(dentry, &finfo);
+ #ifdef SMBFS_PARANOIA
+ 	if (error && error != -ENOENT)

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge3
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge3	Wed May 17 03:51:35 2006
@@ -0,0 +1 @@
++ 207_smbfs-chroot-escape.diff

More information about the Kernel-svn-changes mailing list