[kernel] r12739 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Feb 10 04:35:35 UTC 2009 

Author: dannf
Date: Tue Feb 10 04:35:33 2009
New Revision: 12739

Log:
security: introduce missing kfree (CVE-2009-0031)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/security-keyctl-missing-kfree.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/14

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Tue Feb 10 04:35:33 2009
@@ -20,6 +20,7 @@
   * Fix sign-extend ABI issue w/ system calls on various 64-bit architectures
     (CVE-2009-0029)
   * Fix softlockups in sungem driver (Closes: #514624)
+  * security: introduce missing kfree (CVE-2009-0031)
 
   [ Martin Michlmayr ]
   * rt2x00: Fix VGC lower bound initialization. (Closes: #510607)
@@ -30,7 +31,7 @@
   * [sparc] Revert: Reintroduce dummy PCI host controller to workaround broken
     X.org. Not supportable and breaks to many things.
 
- -- dann frazier <dannf at debian.org>  Mon, 09 Feb 2009 11:14:31 -0700
+ -- dann frazier <dannf at debian.org>  Mon, 09 Feb 2009 21:32:48 -0700
 
 linux-2.6 (2.6.26-13) unstable; urgency=high
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/security-keyctl-missing-kfree.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/security-keyctl-missing-kfree.patch	Tue Feb 10 04:35:33 2009
@@ -0,0 +1,26 @@
+commit 0d54ee1c7850a954026deec4cd4885f331da35cc
+Author: Vegard Nossum <vegard.nossum at gmail.com>
+Date:   Sat Jan 17 17:45:45 2009 +0100
+
+    security: introduce missing kfree
+    
+    Plug this leak.
+    
+    Acked-by: David Howells <dhowells at redhat.com>
+    Cc: James Morris <jmorris at namei.org>
+    Cc: <stable at kernel.org>
+    Signed-off-by: Vegard Nossum <vegard.nossum at gmail.com>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
+index e9335e1..b1ec3b4 100644
+--- a/security/keys/keyctl.c
++++ b/security/keys/keyctl.c
+@@ -270,6 +270,7 @@ long keyctl_join_session_keyring(const char __user *_name)
+ 
+ 	/* join the session */
+ 	ret = join_session_keyring(name);
++	kfree(name);
+ 
+  error:
+ 	return ret;

Modified: dists/sid/linux-2.6/debian/patches/series/14
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/14	(original)
+++ dists/sid/linux-2.6/debian/patches/series/14	Tue Feb 10 04:35:33 2009
@@ -61,3 +61,4 @@
 + bugfix/x86/alsa-hda-support-ecs-chips-with-sigmatel-codecs.patch
 + bugfix/x86/alsa-hda-add-support-for-toshiba-l305.patch
 + bugfix/sparc/sungem-soft-lockup-fix.patch
++ bugfix/all/security-keyctl-missing-kfree.patch

More information about the Kernel-svn-changes mailing list