[kernel] r7715 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Wed Nov 8 07:07:02 UTC 2006 

Author: dannf
Date: Wed Nov  8 08:07:01 2006
New Revision: 7715

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/perfmon-fd-refcnt.dpatch
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Log:
* perfmon-fd-refcnt.dpatch
  [SECURITY][ia64] Fix file descriptor leak in perfmonctl
  system call which could be used as a local denial of service attack
  by depleting the system of file descriptors
  See CVE-2006-3741

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Wed Nov  8 08:07:01 2006
@@ -1,3 +1,13 @@
+kernel-source-2.6.8 (2.6.8-16sarge6) UNRELEASED; urgency=low
+
+  * perfmon-fd-refcnt.dpatch
+    [SECURITY][ia64] Fix file descriptor leak in perfmonctl
+    system call which could be used as a local denial of service attack
+    by depleting the system of file descriptors
+    See CVE-2006-3741
+
+ -- dann frazier <dannf at debian.org>  Wed,  8 Nov 2006 00:05:49 -0700
+
 kernel-source-2.6.8 (2.6.8-16sarge5) stable-security; urgency=high
 
   * [ERRATA] madvise_remove-restrict.dpatch

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/perfmon-fd-refcnt.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/perfmon-fd-refcnt.dpatch	Wed Nov  8 08:07:01 2006
@@ -0,0 +1,37 @@
+From: Stephane Eranian <eranian at hpl.hp.com>
+Date: Fri, 25 Aug 2006 21:00:19 +0000 (-0700)
+Subject: [IA64] correct file descriptor reference counting in perfmon
+X-Git-Tag: v2.6.18-rc7
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b8444d00762703e1b6146fce12ce2684885f8bf6
+
+[IA64] correct file descriptor reference counting in perfmon
+
+Fix a bug in sys_perfmonctl() whereby it was not correctly
+decrementing the file descriptor reference count.
+
+Signed-off-by: stephane eranian <eranian at hpl.hp.com>
+Signed-off-by: Tony Luck <tony.luck at intel.com>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <dannf at debian.org>
+
+diff -urN kernel-source-2.6.8.orig/arch/ia64/kernel/perfmon.c kernel-source-2.6.8/arch/ia64/kernel/perfmon.c
+--- kernel-source-2.6.8.orig/arch/ia64/kernel/perfmon.c	2006-09-06 19:09:31.000000000 -0600
++++ kernel-source-2.6.8/arch/ia64/kernel/perfmon.c	2006-11-07 23:43:48.361326188 -0700
+@@ -4951,13 +4951,15 @@
+ 	if (likely(ctx)) {
+ 		DPRINT(("context unlocked\n"));
+ 		UNPROTECT_CTX(ctx, flags);
+-		fput(file);
+ 	}
+ 
+ 	/* copy argument back to user, if needed */
+ 	if (call_made && PFM_CMD_RW_ARG(cmd) && copy_to_user(arg, args_k, base_sz*count)) ret = -EFAULT;
+ 
+ error_args:
++	if (file)
++		fput(file);
++
+ 	if (args_k) kfree(args_k);
+ 
+ 	DPRINT(("cmd=%s ret=%ld\n", PFM_CMD_NAME(cmd), ret));

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6	Wed Nov  8 08:07:01 2006
@@ -0,0 +1 @@
++ perfmon-fd-refcnt.dpatch

More information about the Kernel-svn-changes mailing list