[kernel] r13032 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Sun Mar 8 20:08:48 UTC 2009 

Author: dannf
Date: Sun Mar  8 20:08:47 2009
New Revision: 13032

Log:
skfp: Fix inverted capabilities check logic (CVE-2009-0675)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/skfp-fix-inverted-cap-logic.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/13lenny2

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	(original)
+++ dists/lenny-security/linux-2.6/debian/changelog	Sun Mar  8 20:08:47 2009
@@ -1,8 +1,9 @@
 linux-2.6 (2.6.26-13lenny2) UNRELEASED; urgency=high
 
   * Additional mips fixes for CVE-2009-0029.
+  * skfp: Fix inverted capabilities check logic (CVE-2009-0675)
 
- -- dann frazier <dannf at debian.org>  Sun, 08 Mar 2009 13:29:00 -0600
+ -- dann frazier <dannf at debian.org>  Sun, 08 Mar 2009 14:06:42 -0600
 
 linux-2.6 (2.6.26-13lenny1) stable-security; urgency=high
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/skfp-fix-inverted-cap-logic.patch
==============================================================================
--- (empty file)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/skfp-fix-inverted-cap-logic.patch	Sun Mar  8 20:08:47 2009
@@ -0,0 +1,27 @@
+commit c25b9abbc2c2c0da88e180c3933d6e773245815a
+Author: Roel Kluin <roel.kluin at gmail.com>
+Date:   Thu Jan 29 17:32:20 2009 -0800
+
+    drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic
+    
+    Fix inverted logic
+    
+    Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/drivers/net/skfp/skfddi.c b/drivers/net/skfp/skfddi.c
+index 607efea..9a00e55 100644
+--- a/drivers/net/skfp/skfddi.c
++++ b/drivers/net/skfp/skfddi.c
+@@ -1003,9 +1003,9 @@ static int skfp_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
+ 		break;
+ 	case SKFP_CLR_STATS:	/* Zero out the driver statistics */
+ 		if (!capable(CAP_NET_ADMIN)) {
+-			memset(&lp->MacStat, 0, sizeof(lp->MacStat));
+-		} else {
+ 			status = -EPERM;
++		} else {
++			memset(&lp->MacStat, 0, sizeof(lp->MacStat));
+ 		}
+ 		break;
+ 	default:

Modified: dists/lenny-security/linux-2.6/debian/patches/series/13lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/13lenny2	(original)
+++ dists/lenny-security/linux-2.6/debian/patches/series/13lenny2	Sun Mar  8 20:08:47 2009
@@ -2,3 +2,4 @@
 - bugfix/all/CVE-2009-0029/mips-finish-fixing-CVE-2009-0029.patch
 + bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch
 + bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch
++ bugfix/all/skfp-fix-inverted-cap-logic.patch

More information about the Kernel-svn-changes mailing list