[kernel] r12741 - in dists/sid/linux-2.6/debian: . patches/bugfix/x86 patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Feb 10 04:52:36 UTC 2009
Author: dannf
Date: Tue Feb 10 04:52:34 2009
New Revision: 12741
Log:
dell_rbu: use scnprintf instead of less secure sprintf (CVE-2009-0322)
Added:
dists/sid/linux-2.6/debian/patches/bugfix/x86/dell_rbu-use-scnprintf-instead-of-sprintf.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/14
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Tue Feb 10 04:52:34 2009
@@ -22,6 +22,7 @@
* Fix softlockups in sungem driver (Closes: #514624)
* security: introduce missing kfree (CVE-2009-0031)
* eCryptfs: check readlink result for error before use (CVE-2009-0269)
+ * dell_rbu: use scnprintf instead of less secure sprintf (CVE-2009-0322)
[ Martin Michlmayr ]
* rt2x00: Fix VGC lower bound initialization. (Closes: #510607)
@@ -32,7 +33,7 @@
* [sparc] Revert: Reintroduce dummy PCI host controller to workaround broken
X.org. Not supportable and breaks to many things.
- -- dann frazier <dannf at debian.org> Mon, 09 Feb 2009 21:39:16 -0700
+ -- dann frazier <dannf at debian.org> Mon, 09 Feb 2009 21:47:45 -0700
linux-2.6 (2.6.26-13) unstable; urgency=high
Added: dists/sid/linux-2.6/debian/patches/bugfix/x86/dell_rbu-use-scnprintf-instead-of-sprintf.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/x86/dell_rbu-use-scnprintf-instead-of-sprintf.patch Tue Feb 10 04:52:34 2009
@@ -0,0 +1,36 @@
+commit 81156928f8fe31621e467490b9d441c0285998c3
+Author: Pavel Roskin <proski at gnu.org>
+Date: Sat Jan 17 13:33:03 2009 -0500
+
+ dell_rbu: use scnprintf() instead of less secure sprintf()
+
+ Reading 0 bytes from /sys/devices/platform/dell_rbu/image_type or
+ /sys/devices/platform/dell_rbu/packet_size by an ordinary user causes an
+ oops.
+
+ Signed-off-by: Pavel Roskin <proski at gnu.org>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/drivers/firmware/dell_rbu.c linux-source-2.6.26/drivers/firmware/dell_rbu.c
+--- linux-source-2.6.26.orig/drivers/firmware/dell_rbu.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/drivers/firmware/dell_rbu.c 2009-02-09 21:44:12.000000000 -0700
+@@ -598,7 +598,7 @@ static ssize_t read_rbu_image_type(struc
+ {
+ int size = 0;
+ if (!pos)
+- size = sprintf(buffer, "%s\n", image_type);
++ size = scnprintf(buffer, count, "%s\n", image_type);
+ return size;
+ }
+
+@@ -670,7 +670,7 @@ static ssize_t read_rbu_packet_size(stru
+ int size = 0;
+ if (!pos) {
+ spin_lock(&rbu_data.lock);
+- size = sprintf(buffer, "%lu\n", rbu_data.packetsize);
++ size = scnprintf(buffer, count, "%lu\n", rbu_data.packetsize);
+ spin_unlock(&rbu_data.lock);
+ }
+ return size;
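Review bot: in both read_rbu_image_type and read_rbu_packet_size, bounding the write with count stops the overrun but leaves short reads lossy. The string is only produced when pos is 0 (`if (!pos)`), and size stays 0 otherwise, so a caller whose count is smaller than the formatted string gets a truncated value and then 0 on the next read, with no way to fetch the remainder. scnprintf also reserves one byte of count for the terminating NUL, so a read with count of 1 returns 0 and is indistinguishable from end of file. Consider formatting into a small local buffer and copying out starting at pos, bounded by count, so that partial reads resume correctly. The commit message would also be clearer if it said that the oops on a 0-byte read comes from the old sprintf call writing into buffer without regard to count.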
Modified: dists/sid/linux-2.6/debian/patches/series/14
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/14 (original)
+++ dists/sid/linux-2.6/debian/patches/series/14 Tue Feb 10 04:52:34 2009
@@ -63,3 +63,4 @@
+ bugfix/sparc/sungem-soft-lockup-fix.patch
+ bugfix/all/security-keyctl-missing-kfree.patch
+ bugfix/all/ecryptfs-check-readlink-result-before-use.patch
++ bugfix/x86/dell_rbu-use-scnprintf-instead-of-sprintf.patch
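Review bot: the new series entry files the patch under bugfix/x86, but the file it changes is drivers/firmware/dell_rbu.c rather than architecture code. If the driver can be built on any other architecture, bugfix/all, where the two preceding security fixes in this hunk live, would be the more accurate location; otherwise a short note in the patch header saying the driver is x86-only would explain the choice.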