[kernel] r13512 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Apr 28 04:19:05 UTC 2009 

Author: dannf
Date: Tue Apr 28 04:19:04 2009
New Revision: 13512

Log:
agp: zero pages before sending to userspace (CVE-2009-1192)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Mon Apr 27 19:58:24 2009	(r13511)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Tue Apr 28 04:19:04 2009	(r13512)
@@ -28,6 +28,7 @@
   * KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
   * exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
   * Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
+  * agp: zero pages before sending to userspace (CVE-2009-1192)
 
  -- dann frazier <dannf at debian.org>  Tue, 24 Feb 2009 23:25:36 -0700
 

Added: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch	Tue Apr 28 04:19:04 2009	(r13512)
@@ -0,0 +1,27 @@
+commit 59de2bebabc5027f93df999d59cc65df591c3e6e
+Author: Shaohua Li <shaohua.li at intel.com>
+Date:   Mon Apr 20 10:08:35 2009 +1000
+
+    agp: zero pages before sending to userspace
+    
+    AGP pages might be mapped into userspace finally, so the pages should be
+    set to zero before userspace can use it. Otherwise there is potential
+    information leakage.
+    
+    Signed-off-by: Shaohua Li <shaohua.li at intel.com>
+    Signed-off-by: Dave Airlie <airlied at redhat.com>
+
+Backported to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.24.orig/drivers/char/agp/generic.c linux-source-2.6.24/drivers/char/agp/generic.c
+--- linux-source-2.6.24.orig/drivers/char/agp/generic.c	2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/drivers/char/agp/generic.c	2009-04-27 22:08:01.000000000 -0600
+@@ -1166,7 +1166,7 @@ void *agp_generic_alloc_page(struct agp_
+ {
+ 	struct page * page;
+ 
+-	page = alloc_page(GFP_KERNEL | GFP_DMA32);
++	page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO);
+ 	if (page == NULL)
+ 		return NULL;
+ 

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1	Mon Apr 27 19:58:24 2009	(r13511)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch1	Tue Apr 28 04:19:04 2009	(r13512)
@@ -82,3 +82,4 @@
 + bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
 + bugfix/all/limit_kill_sig_-1_to_callers_namespace.patch
 + bugfix/all/pid-extend+fix-pid_vnr.patch
++ bugfix/all/agp-zero-pages-before-sending-to-userspace.patch

More information about the Kernel-svn-changes mailing list