[kernel] r6642 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Sat May 20 07:35:55 UTC 2006

Author: dannf
Date: Sat May 20 07:35:52 2006
New Revision: 6642

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/xfs-ftruncate-leak.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* xfs-ftruncate-leak.dpatch
  [SECURITY] Fix leak in the ftruncate call in the XFS filesystem that may
  permit local users to view sensitive information
  See CVE-2006-0554

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================

--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Sat May 20 07:35:52 2006
@@ -81,8 +81,12 @@
     [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
     returning a value that is too large
     See CVE-2006-0456
+  * xfs-ftruncate-leak.dpatch
+    [SECURITY] Fix leak in the ftruncate call in the XFS filesystem that may
+    permit local users to view sensitive information
+    See CVE-2006-0554
 
- -- dann frazier <dannf at debian.org>  Sat, 20 May 2006 02:25:23 -0500
+ -- dann frazier <dannf at debian.org>  Sat, 20 May 2006 02:34:50 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Sat May 20 07:35:52 2006
@@ -22,3 +22,4 @@
 + amd64-fp-reg-leak.dpatch
 + do_add_counters-race.dpatch
 + s390-strnlen_user-return.dpatch
++ xfs-ftruncate-leak.dpatch

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/xfs-ftruncate-leak.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/xfs-ftruncate-leak.dpatch	Sat May 20 07:35:52 2006
@@ -0,0 +1,29 @@
+Fix for CVE-2006-0554, taken from 2.6.15 stable series git tree. 
+
+Signed-off-by: Troy Heber <troyh at debian.org>
+
+diff-tree 8dcd7c19f2624b7150edd60da336da0bb5291bef (from 6cbb463db05210e83ddc18cbd92e295f1fefa111)
+Author: Mike O'Connor <mjo at dojo.mi.org>
+Date:   Wed Feb 15 00:17:24 2006 -0500
+
+    [PATCH] XFS ftruncate() bug could expose stale data (CVE-2006-0554)
+    
+    This is CVE-2006-0554 and SGI bug 942658.  With certain types of
+    ftruncate() activity on 2.6 kernels, XFS can end up exposing stale
+    data off disk to a user, putting extents where holes should be.
+    
+    Signed-off-by: Chris Wright <chrisw at sous-sol.org>
+
+diff --git a/fs/xfs/linux-2.6/xfs_aops.c b/fs/xfs/linux-2.6/xfs_aops.c
+index 94d3cdf..c4ac008 100644
+--- a/fs/xfs/linux-2.6/xfs_aops.c
++++ b/fs/xfs/linux-2.6/xfs_aops.c
+@@ -385,7 +385,7 @@ xfs_probe_unmapped_cluster(
+ 
+ 	/* First sum forwards in this page */
+ 	do {
+-		if (buffer_mapped(bh))
++		if (buffer_mapped(bh) || !buffer_uptodate(bh))
+ 			break;
+ 		total += bh->b_size;
+ 	} while ((bh = bh->b_this_page) != head);

