[kernel] r8924 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Thu Jun 7 00:19:51 UTC 2007 

Author: dannf
Date: Thu Jun  7 00:19:51 2007
New Revision: 8924

Log:
fix for fix for CVE-2007-1353

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/245_bluetooth-l2cap-hci-info-leaks-2.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Thu Jun  7 00:19:51 2007
@@ -20,10 +20,11 @@
     for connection.
     See CVE-2007-1592
   * 244_bluetooth-l2cap-hci-info-leaks.diff
+    245_bluetooth-l2cap-hci-info-leaks-2.diff
     [SECURITY] Fix information leaks in setsockopt() implementations
     See CVE-2007-1353
 
- -- dann frazier <dannf at debian.org>  Tue, 22 May 2007 23:58:34 -0600
+ -- dann frazier <dannf at debian.org>  Wed, 06 Jun 2007 18:19:35 -0600
 
 kernel-source-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high
 

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/245_bluetooth-l2cap-hci-info-leaks-2.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/245_bluetooth-l2cap-hci-info-leaks-2.diff	Thu Jun  7 00:19:51 2007
@@ -0,0 +1,27 @@
+From: Willy Tarreau <w at 1wt.eu>
+Date: Wed, 6 Jun 2007 05:50:57 +0000 (+0200)
+Subject: [PATCH] Bluetooth: correct fix for CVE-2007-1353
+X-Git-Tag: v2.4.35-pre5~5
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fwtarreau%2Flinux-2.4.git;a=commitdiff_plain;h=e3028a346340868c9320215c4f533eb7fdc43d38
+
+[PATCH] Bluetooth: correct fix for CVE-2007-1353
+
+Marcel Holtmann notified me that my previous fix for CVE-2007-1353
+was wrong because of a stupid memcpy() with unchecked length, which
+indeed made it worse than the original bug. Next time I'll be more
+careful with copy-pasting !
+---
+
+diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
+index 8ececee..b66daa9 100644
+--- a/net/bluetooth/hci_sock.c
++++ b/net/bluetooth/hci_sock.c
+@@ -469,7 +469,7 @@ int hci_sock_setsockopt(struct socket *sock, int level, int optname, char *optva
+ 		break;
+ 
+ 	case HCI_FILTER:
+-		memcpy(&flt, &hci_pi(sk)->filter, len);
++		memcpy(&flt, &hci_pi(sk)->filter, sizeof(flt));
+ 
+ 		len = MIN(len, sizeof(struct hci_filter));
+ 		if (copy_from_user(&flt, optval, len)) {

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	Thu Jun  7 00:19:51 2007
@@ -4,3 +4,4 @@
 + 242_ext3-fsfuzz.diff
 + 243_ipv6_fl_socklist-no-share.diff
 + 244_bluetooth-l2cap-hci-info-leaks.diff
++ 245_bluetooth-l2cap-hci-info-leaks-2.diff

More information about the Kernel-svn-changes mailing list