[kernel] r6596 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Thu May 18 21:01:46 UTC 2006 

Author: dannf
Date: Thu May 18 21:01:45 2006
New Revision: 6596

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/binfmt-bad-elf-entry-address.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* binfmt-bad-elf-entry-address.dpatch
  [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
  code on em64t processors
  See CVE-2006-0741

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Thu May 18 21:01:45 2006
@@ -28,8 +28,12 @@
     [SECURITY] Fix directory traversal vulnerability in smbfs that permits
     local users to escape chroot restrictions
     See CVE-2006-1863
+  * binfmt-bad-elf-entry-address.dpatch
+    [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
+    code on em64t processors
+    See CVE-2006-0741
 
- -- dann frazier <dannf at debian.org>  Wed, 17 May 2006 12:26:48 -0500
+ -- dann frazier <dannf at debian.org>  Thu, 18 May 2006 15:55:02 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/binfmt-bad-elf-entry-address.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/binfmt-bad-elf-entry-address.dpatch	Thu May 18 21:01:45 2006
@@ -0,0 +1,29 @@
+[PATCH] x86_64: Check for bad elf entry address.
+
+Fixes a local DOS on Intel systems that lead to an endless
+recursive fault.  AMD machines don't seem to be affected.
+
+Signed-off-by: Suresh Siddha <suresh.b.siddha at intel.com>
+Signed-off-by: Andi Kleen <ak at suse.de>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+
+GIT: 5342fba5412cead88b61ead07168615dbeba1ee3
+
+# backported to Debian's 2.6.8 by Troy Heber <troyh at debian.org>
+
+diff -urN kernel-source-2.6.8.orig/fs/binfmt_elf.c 2.6/fs/binfmt_elf.c
+--- kernel-source-2.6.8.orig/fs/binfmt_elf.c	2006-02-08 22:55:59.000000000 -0700
++++ 2.6/fs/binfmt_elf.c	2006-05-16 22:48:02.000000000 -0600
+@@ -884,6 +884,12 @@
+ 		kfree(elf_interpreter);
+ 	} else {
+ 		elf_entry = elf_ex.e_entry;
++		if (BAD_ADDR(elf_entry)) {
++			send_sig(SIGSEGV, current, 0);
++			retval = -ENOEXEC; /* Nobody gets to see this, but.. */
++			goto out_free_dentry;
++		}
++
+ 	}
+ 
+ 	kfree(elf_phdata);

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Thu May 18 21:01:45 2006
@@ -6,3 +6,4 @@
 + perfmon-exit-race.dpatch
 + ia64-die_if_kernel-returns.dpatch
 + cifs-chroot-escape.dpatch
++ binfmt-bad-elf-entry-address.dpatch

More information about the Kernel-svn-changes mailing list