[kernel] r13440 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sat Apr 18 20:55:16 UTC 2009
Author: dannf
Date: Sat Apr 18 20:55:14 2009
New Revision: 13440
Log:
Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
- copied, changed from r13438, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Sat Apr 18 20:51:49 2009 (r13439)
+++ dists/etch-security/linux-2.6.24/debian/changelog Sat Apr 18 20:55:14 2009 (r13440)
@@ -27,6 +27,7 @@
* af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
* KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
* exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
+ * Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
-- dann frazier <dannf at debian.org> Tue, 24 Feb 2009 23:25:36 -0700
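Review bot: the trailer line under the new CVE-2009-1338 entry still reads "Tue, 24 Feb 2009 23:25:36 -0700", while this entry is being added on 18 Apr 2009. Refresh the trailer timestamp when the upload is finalised so the changelog date does not predate the fixes it lists.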
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch (from r13438, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch Sat Apr 18 20:41:38 2009 (r13438, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch Sat Apr 18 20:55:14 2009 (r13440)
@@ -20,13 +20,14 @@
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-diff --git a/kernel/signal.c b/kernel/signal.c
-index 105217d..4530fc6 100644
---- a/kernel/signal.c
-+++ b/kernel/signal.c
-@@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo *info, pid_t pid)
- struct task_struct * p;
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.24.orig/kernel/signal.c linux-source-2.6.24/kernel/signal.c
+--- linux-source-2.6.24.orig/kernel/signal.c 2009-04-11 14:35:50.000000000 -0600
++++ linux-source-2.6.24/kernel/signal.c 2009-04-18 14:52:22.000000000 -0600
+@@ -1150,7 +1150,8 @@ static int kill_something_info(int sig,
+ read_lock(&tasklist_lock);
for_each_process(p) {
- if (p->pid > 1 && !same_thread_group(p, current)) {
+ if (task_pid_vnr(p) > 1 &&
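Review bot: the new header line "Adjusted to apply to Debian's 2.6.24" does not say what was adjusted. In the visible lines the differences from the lenny copy are the hunk offset (1144 became 1150), the leading context line (read_lock(&tasklist_lock); in place of struct task_struct * p;) and the diff header format (diff -urpN, with no git index line). If the adjustment is context-only, say so in that line so the backport can be audited against the upstream commit. The condition now tests task_pid_vnr(p) > 1 instead of p->pid > 1, and the rest of it is cut off here after the &&, so also confirm that the !same_thread_group(p, current) test from the removed line is carried over unchanged.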
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Sat Apr 18 20:51:49 2009 (r13439)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1 Sat Apr 18 20:55:14 2009 (r13440)
@@ -80,3 +80,4 @@
+ bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
+ bugfix/kvm-vmx-inhibit-EFER-access.patch
+ bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
++ bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch