[kernel] r14118 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Aug 16 15:19:58 UTC 2009
Author: dannf
Date: Sun Aug 16 15:19:56 2009
New Revision: 14118
Log:
net: fix possible NULL dereference in sock_sendpage() (CVE-2009-2692)
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/net-fix-possible-NULL-dereference-in-sock_sendpage.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/24etch3
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Sat Aug 15 21:11:28 2009 (r14117)
+++ dists/etch-security/linux-2.6/debian/changelog Sun Aug 16 15:19:56 2009 (r14118)
@@ -1,11 +1,12 @@
-linux-2.6 (2.6.18.dfsg.1-24etch3) UNRELEASED; urgency=high
+linux-2.6 (2.6.18.dfsg.1-24etch3) oldstable-security; urgency=high
* e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
* r8169: fix crash when large packets are received (CVE-2009-1389)
* nfs4: fix MAY_EXEC handling (CVE-2009-1630)
* cifs: fix several string conversion issues (CVE-2009-1633)
+ * net: fix possible NULL dereference in sock_sendpage() (CVE-2009-2692)
- -- dann frazier <dannf at debian.org> Sat, 06 Jun 2009 09:55:38 -0600
+ -- dann frazier <dannf at debian.org> Sat, 15 Aug 2009 11:13:20 -0600
linux-2.6 (2.6.18.dfsg.1-24etch2) oldstable-security; urgency=high
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/net-fix-possible-NULL-dereference-in-sock_sendpage.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/net-fix-possible-NULL-dereference-in-sock_sendpage.patch Sun Aug 16 15:19:56 2009 (r14118)
@@ -0,0 +1,13 @@
+diff -urpN a/net/socket.c b/net/socket.c
+--- a/net/socket.c 2009-08-15 10:42:05.000000000 -0600
++++ b/net/socket.c 2009-08-15 11:09:49.000000000 -0600
+@@ -698,6 +698,9 @@ static ssize_t sock_sendpage(struct file
+ if (more)
+ flags |= MSG_MORE;
+
++ if (!sock->ops->sendpage)
++ return sock_no_sendpage(sock, page, offset, size, flags);
++
+ return sock->ops->sendpage(sock, page, offset, size, flags);
+ }
+
Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch3
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch3 Sat Aug 15 21:11:28 2009 (r14117)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch3 Sun Aug 16 15:19:56 2009 (r14118)
@@ -4,3 +4,4 @@
+ bugfix/all/cifs-fix-oops-when-windows-server-sent-bad-domain-name-null-terminator.patch
+ bugfix/all/cifs-fix-unicode-string-area-word-alignment-in-session-setup.patch
+ bugfix/all/cifs-increase-size-of-tmp_buf-in-cifs_readdir-to-avoid-potential-overflows.patch
++ bugfix/all/net-fix-possible-NULL-dereference-in-sock_sendpage.patch
More information about the Kernel-svn-changes
mailing list