[kernel] r6612 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Sat May 20 00:00:09 UTC 2006
Author: dannf
Date: Sat May 20 00:00:06 2006
New Revision: 6612
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/group_complete_signal-BUG_ON.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
Log:
* group_complete_signal-BUG_ON.dpatch
[SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
See CVE-2006-1523
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Sat May 20 00:00:06 2006
@@ -48,8 +48,11 @@
[SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
allows for a remote DoS attack (kmalloc'd memory corruption)
See CVE-2006-1368
+ * group_complete_signal-BUG_ON.dpatch
+ [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
+ See CVE-2006-1523
- -- dann frazier <dannf at debian.org> Fri, 19 May 2006 17:35:50 -0500
+ -- dann frazier <dannf at debian.org> Fri, 19 May 2006 18:29:35 -0500
kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/group_complete_signal-BUG_ON.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/group_complete_signal-BUG_ON.dpatch Sat May 20 00:00:06 2006
@@ -0,0 +1,32 @@
+Fix for CVE-2006-1523.
+
+Signed-off-by: Troy Heber <troyh at debian.org>
+
+diff-tree a145410dccdb44f81d3b56763ef9b6f721f4e47c (from 2514395ef88b46e895726a8d40966cb83de7940c)
+Author: Oleg Nesterov <oleg at tv-sign.ru>
+Date: Tue Apr 11 22:18:58 2006 +0400
+
+ [PATCH] __group_complete_signal: remove bogus BUG_ON
+
+ Commit e56d090310d7625ecb43a1eeebd479f04affb48b
+
+ [PATCH] RCU signal handling
+
+ made this BUG_ON() unsafe. This code runs under ->siglock,
+ while switch_exec_pids() takes tasklist_lock.
+
+ Signed-off-by: Oleg Nesterov <oleg at tv-sign.ru>
+ Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+
+diff --git a/kernel/signal.c b/kernel/signal.c
+index 5ccaac5..b14f895 100644
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -868,7 +868,6 @@ __group_complete_signal(int sig, struct
+ if (t == NULL)
+ /* restart balancing at this thread */
+ t = p->signal->curr_target = p;
+- BUG_ON(t->tgid != p->tgid);
+
+ while (!wants_signal(sig, t)) {
+ t = next_thread(t);
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 Sat May 20 00:00:06 2006
@@ -11,3 +11,4 @@
+ sctp-discard-unexpected-in-closed.dpatch
+ ipv4-id-no-increment.dpatch
+ usb-gadget-rndis-bufoverflow.dpatch
++ group_complete_signal-BUG_ON.dpatch
More information about the Kernel-svn-changes
mailing list