[kernel] r12530 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Dec 25 21:28:38 UTC 2008
Author: dannf
Date: Thu Dec 25 21:28:37 2008
New Revision: 12530
Log:
Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/13
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Thu Dec 25 21:28:37 2008
@@ -4,11 +4,12 @@
* [hppa] disable UP-optimized flush_tlb_mm, fixing thread-related
hangs. (closes: #478717)
* cciss: Add PCI ids for P711m and p712m
+ * Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)
[ Bastian Blank ]
* Fix multicast in atl1e driver. (closes: 509097)
- -- dann frazier <dannf at debian.org> Wed, 24 Dec 2008 16:45:50 -0700
+ -- dann frazier <dannf at debian.org> Thu, 25 Dec 2008 14:26:02 -0700
linux-2.6 (2.6.26-12) unstable; urgency=high
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/watchdog-ib700wdt-buffer_underflow.patch Thu Dec 25 21:28:37 2008
@@ -0,0 +1,31 @@
+commit 7c2500f17d65092d93345f3996cf82ebca17e9ff
+Author: Wim Van Sebroeck <wim at iguana.be>
+Date: Wed Oct 15 08:53:06 2008 +0000
+
+ [WATCHDOG] ib700wdt.c - fix buffer_underflow bug
+
+ This fixes Bug 11399:
+ if ibwdt_set_heartbeat(int t) is called with value 30 then
+ the check "if ((t < 0) || (t > 30))" in ibwdt_set_heartbeat
+ is not going to fail because t == 30, but in the loop, the
+ check wd_times[i] > t is never going to be true because
+ none of the wd_times are greater than the value of t (i.e. 30).
+ So we are exiting the loop with i == -1 and therefore setting
+ wd_margin to -1 which is wrong.
+
+ Reported-by: Zvonimir Rakamaric <zrakamar at cs.ubc.ca>
+ Signed-off-by: Wim Van Sebroeck <wim at iguana.be>
+
+diff --git a/drivers/watchdog/ib700wdt.c b/drivers/watchdog/ib700wdt.c
+index 05a2810..8782ec1 100644
+--- a/drivers/watchdog/ib700wdt.c
++++ b/drivers/watchdog/ib700wdt.c
+@@ -154,7 +154,7 @@ static int ibwdt_set_heartbeat(int t)
+ return -EINVAL;
+
+ for (i = 0x0F; i > -1; i--)
+- if (wd_times[i] > t)
++ if (wd_times[i] >= t)
+ break;
+ wd_margin = i;
+ return 0;
Modified: dists/sid/linux-2.6/debian/patches/series/13
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/13 (original)
+++ dists/sid/linux-2.6/debian/patches/series/13 Thu Dec 25 21:28:37 2008
@@ -1,3 +1,4 @@
+ bugfix/hppa/parisc-disable-up-optimized-flush_tlb_mm.patch
+ bugfix/all/drivers-net-atl1e-multicast-crc.patch
+ bugfix/all/cciss-p711m,p712m-add-ids.patch
++ bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
More information about the Kernel-svn-changes
mailing list