[kernel] r13439 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sat Apr 18 20:51:50 UTC 2009
Author: dannf
Date: Sat Apr 18 20:51:49 2009
New Revision: 13439
Log:
exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
- copied, changed from r13437, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Sat Apr 18 20:41:38 2009 (r13438)
+++ dists/etch-security/linux-2.6.24/debian/changelog Sat Apr 18 20:51:49 2009 (r13439)
@@ -26,6 +26,7 @@
* Fix an off-by-two memory error in console selection (CVE-2009-1046)
* af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
* KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
+ * exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
-- dann frazier <dannf at debian.org> Tue, 24 Feb 2009 23:25:36 -0700
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch (from r13437, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch Sat Apr 18 20:37:07 2009 (r13437, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch Sat Apr 18 20:51:49 2009 (r13439)
@@ -14,18 +14,18 @@
Acked-by: Roland McGrath <roland at redhat.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.26.orig/kernel/exit.c linux-source-2.6.26/kernel/exit.c
---- linux-source-2.6.26.orig/kernel/exit.c 2009-03-25 17:20:40.000000000 -0600
-+++ linux-source-2.6.26/kernel/exit.c 2009-04-17 18:59:15.000000000 -0600
-@@ -868,8 +868,7 @@ static void exit_notify(struct task_stru
+diff -urpN linux-source-2.6.24.orig/kernel/exit.c linux-source-2.6.24/kernel/exit.c
+--- linux-source-2.6.24.orig/kernel/exit.c 2009-04-11 14:35:49.000000000 -0600
++++ linux-source-2.6.24/kernel/exit.c 2009-04-18 14:49:36.000000000 -0600
+@@ -813,8 +813,7 @@ static void exit_notify(struct task_stru
*/
- if (tsk->exit_signal != SIGCHLD && !task_detached(tsk) &&
- (tsk->parent_exec_id != tsk->real_parent->self_exec_id ||
-- tsk->self_exec_id != tsk->parent_exec_id) &&
-- !capable(CAP_KILL))
+ if (tsk->exit_signal != SIGCHLD && tsk->exit_signal != -1 &&
+ ( tsk->parent_exec_id != t->self_exec_id ||
+- tsk->self_exec_id != tsk->parent_exec_id)
+- && !capable(CAP_KILL))
+ tsk->self_exec_id != tsk->parent_exec_id))
tsk->exit_signal = SIGCHLD;
- /* If something other than our normal parent is ptracing us, then
+
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Sat Apr 18 20:41:38 2009 (r13438)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Sat Apr 18 20:51:49 2009 (r13439)
@@ -79,3 +79,4 @@
+ bugfix/all/fix-off-by-2-error-in-console-selection.patch
+ bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
+ bugfix/kvm-vmx-inhibit-EFER-access.patch
++ bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
More information about the Kernel-svn-changes
mailing list