[kernel] r6612 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Sat May 20 00:00:09 UTC 2006 

Author: dannf
Date: Sat May 20 00:00:06 2006
New Revision: 6612

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/group_complete_signal-BUG_ON.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* group_complete_signal-BUG_ON.dpatch
  [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
  See CVE-2006-1523

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Sat May 20 00:00:06 2006
@@ -48,8 +48,11 @@
     [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
     allows for a remote DoS attack (kmalloc'd memory corruption)
     See CVE-2006-1368
+  * group_complete_signal-BUG_ON.dpatch
+    [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
+    See CVE-2006-1523
 
- -- dann frazier <dannf at debian.org>  Fri, 19 May 2006 17:35:50 -0500
+ -- dann frazier <dannf at debian.org>  Fri, 19 May 2006 18:29:35 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/group_complete_signal-BUG_ON.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/group_complete_signal-BUG_ON.dpatch	Sat May 20 00:00:06 2006
@@ -0,0 +1,32 @@
+Fix for CVE-2006-1523.
+
+Signed-off-by: Troy Heber <troyh at debian.org>
+
+diff-tree a145410dccdb44f81d3b56763ef9b6f721f4e47c (from 2514395ef88b46e895726a8d40966cb83de7940c)
+Author: Oleg Nesterov <oleg at tv-sign.ru>
+Date:   Tue Apr 11 22:18:58 2006 +0400
+
+    [PATCH] __group_complete_signal: remove bogus BUG_ON
+    
+    Commit e56d090310d7625ecb43a1eeebd479f04affb48b
+    
+       [PATCH] RCU signal handling
+    
+    made this BUG_ON() unsafe. This code runs under ->siglock,
+    while switch_exec_pids() takes tasklist_lock.
+    
+    Signed-off-by: Oleg Nesterov <oleg at tv-sign.ru>
+    Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+
+diff --git a/kernel/signal.c b/kernel/signal.c
+index 5ccaac5..b14f895 100644
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -868,7 +868,6 @@ __group_complete_signal(int sig, struct 
+ 		if (t == NULL)
+ 			/* restart balancing at this thread */
+ 			t = p->signal->curr_target = p;
+-		BUG_ON(t->tgid != p->tgid);
+ 
+ 		while (!wants_signal(sig, t)) {
+ 			t = next_thread(t);

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Sat May 20 00:00:06 2006
@@ -11,3 +11,4 @@
 + sctp-discard-unexpected-in-closed.dpatch
 + ipv4-id-no-increment.dpatch
 + usb-gadget-rndis-bufoverflow.dpatch
++ group_complete_signal-BUG_ON.dpatch

More information about the Kernel-svn-changes mailing list