[kernel] r12044 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Tue Aug 12 08:48:11 UTC 2008


Author: dannf
Date: Tue Aug 12 08:48:10 2008
New Revision: 12044

Log:
Fix possible information leak in seq_oss_synth.c
(CVE-2008-3272)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	(original)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Tue Aug 12 08:48:10 2008
@@ -2,8 +2,10 @@
 
   * Add ABI files for 2.6.24-etchnhalf.1
   * Fix regression introduced upstream by the fix for CVE-2008-0598
+  * Fix possible information leak in seq_oss_synth.c
+    (CVE-2008-3272)
 
- -- dann frazier <dannf at debian.org>  Tue, 12 Aug 2008 02:27:51 -0600
+ -- dann frazier <dannf at debian.org>  Tue, 12 Aug 2008 02:41:51 -0600
 
 linux-2.6.24 (2.6.24-6~etchnhalf.4) stable; urgency=low
 
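Review bot: The new entry at "Fix possible information leak in seq_oss_synth.c" names only the source file, so a reader of the changelog cannot tell which function or patch it refers to. Consider naming snd_seq_oss_synth_make_info() and the missing device-number check, as the patch subject does, so the entry can be matched to bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch without opening the series file.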

Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch	Tue Aug 12 08:48:10 2008
@@ -0,0 +1,30 @@
+commit 82e68f7ffec3800425f2391c8c86277606860442
+Author: Willy Tarreau <w at 1wt.eu>
+Date:   Sat Aug 2 18:25:16 2008 +0200
+
+    sound: ensure device number is valid in snd_seq_oss_synth_make_info
+    
+    snd_seq_oss_synth_make_info() incorrectly reports information
+    to userspace without first checking for the validity of the
+    device number, leading to possible information leak (CVE-2008-3272).
+    
+    Reported-By: Tobias Klein <tk at trapkit.de>
+    Acked-and-tested-by: Takashi Iwai <tiwai at suse.de>
+    Cc: stable at kernel.org
+    Signed-off-by: Willy Tarreau <w at 1wt.eu>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
+index 558dadb..e024e45 100644
+--- a/sound/core/seq/oss/seq_oss_synth.c
++++ b/sound/core/seq/oss/seq_oss_synth.c
+@@ -604,6 +604,9 @@ snd_seq_oss_synth_make_info(struct seq_oss_devinfo *dp, int dev, struct synth_in
+ {
+ 	struct seq_oss_synth *rec;
+ 
++	if (dev < 0 || dev >= dp->max_synthdev)
++		return -ENXIO;
++
+ 	if (dp->synths[dev].is_midi) {
+ 		struct midi_info minf;
+ 		snd_seq_oss_midi_make_info(dp, dp->synths[dev].midi_mapped, &minf);
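Review bot: The upper bound in `if (dev < 0 || dev >= dp->max_synthdev)` protects the `dp->synths[dev]` reads that follow only if `max_synthdev` can never exceed the number of elements in `dp->synths[]`, and nothing in the visible context establishes that. A one-line comment above the check, or a sentence in the commit message, stating that invariant would let a reader confirm the check is sufficient. The commit message also says "possible information leak" without saying that the unchecked `dev` is used as an index into `dp->synths[]`, which is the detail a backporter needs in order to judge whether older trees are affected. The `dev < 0` half of the test is necessary because `dev` is a signed `int`, so it should stay if the check is ever refactored. Returning `-ENXIO` is only useful if the callers pass the error on, which cannot be confirmed from this hunk.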

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5	(original)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.5	Tue Aug 12 08:48:10 2008
@@ -1 +1,2 @@
 + bugfix/x86-wrong-register-was-used-in-align-macro.patch
++ bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
