[kernel] r10563 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Feb 17 18:30:28 UTC 2008
Author: dannf
Date: Sun Feb 17 18:30:27 2008
New Revision: 10563
Log:
* 265_powerpc-chrp-null-deref.diff
[SECURITY][powerpc] Fix NULL pointer dereference if get_property
fails on the subarchitecture
See CVE-2007-6694
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/265_powerpc-chrp-null-deref.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Sun Feb 17 18:30:27 2008
@@ -82,8 +82,12 @@
[SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
a fault handler but do not bounds check the offset argument
See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
- -- dann frazier <dannf at debian.org> Thu, 14 Feb 2008 14:59:56 -0700
+ -- dann frazier <dannf at debian.org> Thu, 14 Feb 2008 15:12:16 -0700
kernel-source-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/265_powerpc-chrp-null-deref.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/265_powerpc-chrp-null-deref.diff Sun Feb 17 18:30:27 2008
@@ -0,0 +1,53 @@
+commit 6a6e6213bcca62326b087df9df6f585ec2c5326a
+Author: dann frazier <dannf at hp.com>
+Date: Thu Feb 14 15:10:20 2008 -0700
+
+ 2.4: [POWERPC] CHRP: Fix possible NULL pointer dereference
+
+ This is a 2.4 backport of a linux-2.6 change by Cyrill Gorcunov.
+ (commit 9ac71d00398674aaec664f30559f0a21d963862f)
+
+ CVE-2007-6694 was assigned for this issue.
+ This backport has been compile-tested only.
+
+ Commit log from 2.6 follows.
+
+ This fixes a possible NULL pointer dereference inside of strncmp() if
+ of_get_property() fails.
+
+diff --git a/arch/ppc/platforms/chrp_setup.c b/arch/ppc/platforms/chrp_setup.c
+index 0ffbbd2..28747db 100644
+--- a/arch/ppc/platforms/chrp_setup.c
++++ b/arch/ppc/platforms/chrp_setup.c
+@@ -121,7 +121,7 @@ chrp_show_cpuinfo(struct seq_file *m)
+ seq_printf(m, "machine\t\t: CHRP %s\n", model);
+
+ /* longtrail (goldengate) stuff */
+- if (!strncmp(model, "IBM,LongTrail", 13)) {
++ if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ /* VLSI VAS96011/12 `Golden Gate 2' */
+ /* Memory banks */
+ sdramen = (in_le32((unsigned *)(gg2_pci_config_base+
+@@ -210,14 +210,20 @@ static void __init sio_fixup_irq(const char *name, u8 device, u8 level,
+ static void __init sio_init(void)
+ {
+ struct device_node *root;
++ const char *model;
+
+- if ((root = find_path_device("/")) &&
+- !strncmp(get_property(root, "model", NULL), "IBM,LongTrail", 13)) {
++ root = find_path_device("/");
++ if (!root)
++ return;
++
++ model = get_property(root, "model", NULL);
++ if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ /* logical device 0 (KBC/Keyboard) */
+ sio_fixup_irq("keyboard", 0, 1, 2);
+ /* select logical device 1 (KBC/Mouse) */
+ sio_fixup_irq("mouse", 1, 12, 2);
+ }
++
+ }
+
+
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Sun Feb 17 18:30:27 2008
@@ -24,3 +24,4 @@
+ 262_aacraid-ioctl-perm-check.diff
+ 263_usb-pwc-disconnect-block.diff
+ 264_mmap-VM_DONTEXPAND.diff
++ 265_powerpc-chrp-null-deref.diff
More information about the Kernel-svn-changes
mailing list