[kernel] r13514 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Apr 28 04:39:35 UTC 2009


Author: dannf
Date: Tue Apr 28 04:39:34 2009
New Revision: 13514

Log:
agp: zero pages before sending to userspace (CVE-2009-1192)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/15lenny1

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Tue Apr 28 04:22:54 2009	(r13513)
+++ dists/lenny-security/linux-2.6/debian/changelog	Tue Apr 28 04:39:34 2009	(r13514)
@@ -14,6 +14,7 @@
   * Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
   * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
     (CVE-NEEDED)
+  * agp: zero pages before sending to userspace (CVE-2009-1192)
 
  -- dann frazier <dannf at debian.org>  Fri, 03 Apr 2009 19:12:51 -0600
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/agp-zero-pages-before-sending-to-userspace.patch	Tue Apr 28 04:39:34 2009	(r13514)
@@ -0,0 +1,27 @@
+commit 59de2bebabc5027f93df999d59cc65df591c3e6e
+Author: Shaohua Li <shaohua.li at intel.com>
+Date:   Mon Apr 20 10:08:35 2009 +1000
+
+    agp: zero pages before sending to userspace
+    
+    AGP pages might be mapped into userspace finally, so the pages should be
+    set to zero before userspace can use it. Otherwise there is potential
+    information leakage.
+    
+    Signed-off-by: Shaohua Li <shaohua.li at intel.com>
+    Signed-off-by: Dave Airlie <airlied at redhat.com>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/drivers/char/agp/generic.c linux-source-2.6.26/drivers/char/agp/generic.c
+--- linux-source-2.6.26.orig/drivers/char/agp/generic.c	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/drivers/char/agp/generic.c	2009-04-27 21:32:00.000000000 -0600
+@@ -1182,7 +1182,7 @@ void *agp_generic_alloc_page(struct agp_
+ {
+ 	struct page * page;
+ 
+-	page = alloc_page(GFP_KERNEL | GFP_DMA32);
++	page = alloc_page(GFP_KERNEL | GFP_DMA32 | __GFP_ZERO);
+ 	if (page == NULL)
+ 		return NULL;
+ 
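Review bot: the patch header, at the "Backported to Debian's 2.6.26" line, does not carry the CVE id that the changelog entry gives for this fix (CVE-2009-1192), and does not say whether the backport differs from the upstream commit in anything other than context. Adding both would let someone auditing the series file map this patch to the advisory without consulting the changelog. On the code change, `__GFP_ZERO` is added only to the `alloc_page()` call in `agp_generic_alloc_page()`, so only pages allocated through this function are zeroed. The commit message's concern, pages that end up mapped into userspace, applies to any AGP allocation path, so it is worth confirming that no other allocation in the 2.6.26 AGP code hands out pages without going through this function.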

Modified: dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/15lenny1	Tue Apr 28 04:22:54 2009	(r13513)
+++ dists/lenny-security/linux-2.6/debian/patches/series/15lenny1	Tue Apr 28 04:39:34 2009	(r13514)
@@ -11,3 +11,4 @@
 + bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
 + bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
 + bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
++ bugfix/all/agp-zero-pages-before-sending-to-userspace.patch


