[kernel] r13538 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Sun May 3 19:01:59 UTC 2009


Author: dannf
Date: Sun May  3 19:01:57 2009
New Revision: 13538

Log:
Fix unreached code in selinux_ip_postroute_iptables_compat()
(CVE-2009-1184)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/15lenny1

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Sun May  3 18:59:15 2009	(r13537)
+++ dists/lenny-security/linux-2.6/debian/changelog	Sun May  3 19:01:57 2009	(r13538)
@@ -1,4 +1,4 @@
-linux-2.6 (2.6.26-15lenny1) UNRELEASED; urgency=high
+linux-2.6 (2.6.26-15lenny1) stable-security; urgency=high
 
   * copy_process: fix CLONE_PARENT && parent_exec_id interaction
     (CVE-2009-0028)
@@ -15,8 +15,10 @@
   * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
     (CVE-2009-1439)
   * agp: zero pages before sending to userspace (CVE-2009-1192)
+  * Fix unreached code in selinux_ip_postroute_iptables_compat()
+    (CVE-2009-1184)
 
- -- dann frazier <dannf at debian.org>  Fri, 03 Apr 2009 19:12:51 -0600
+ -- dann frazier <dannf at debian.org>  Sun, 03 May 2009 13:00:51 -0600
 
 linux-2.6 (2.6.26-15) stable; urgency=high
 
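Review bot: the new changelog entry names only the function, while the patch description says what the bug actually does (node and port send checks skipped in the compat_net=1 case); a one-line statement of the effect, for example `* selinux: enforce node and port send checks in the compat_net=1 case (CVE-2009-1184)`, would tell users the security impact without reading the patch. The trailer date update (03 Apr to 03 May) matches the distribution flip to stable-security in the first hunk.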

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch	Sun May  3 19:01:57 2009	(r13538)
@@ -0,0 +1,31 @@
+commit 910c9e41186762de3717baaf392ab5ff0c454496
+Author: Eugene Teo <eteo at redhat.com>
+Date:   Mon Apr 13 10:04:41 2009 +0800
+
+    unreached code in selinux_ip_postroute_iptables_compat() (CVE-2009-1184)
+    
+    Not upstream in 2.6.30, as the function was removed there, making this a
+    non-issue.
+    
+    Node and port send checks can skip in the compat_net=1 case. This bug
+    was introduced in commit effad8d.
+    
+    Signed-off-by: Eugene Teo <eugeneteo at kernel.sg>
+    Reported-by: Dan Carpenter <error27 at gmail.com>
+    Acked-by: James Morris <jmorris at namei.org>
+    Acked-by: Paul Moore <paul.moore at hp.com>
+    Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/security/selinux/hooks.c linux-source-2.6.26/security/selinux/hooks.c
+--- linux-source-2.6.26.orig/security/selinux/hooks.c	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/security/selinux/hooks.c	2009-05-03 12:29:51.000000000 -0600
+@@ -4416,6 +4416,7 @@ static int selinux_ip_postroute_iptables
+ 	if (err)
+ 		return err;
+ 	err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
++	if (err)
+ 		return err;
+ 
+ 	err = sel_netnode_sid(addrp, family, &node_sid);
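Review bot: the one-line fix is correct and matches the description: without the added `if (err)` the `return err;` following `avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad)` is unconditional, so `sel_netnode_sid(addrp, family, &node_sid)` and the node and port send checks after it are dead code and that part of the policy is never enforced on this path. Because the commit text says the function was removed in 2.6.30, there is no upstream tree to diff the backport against; the `Signed-off-by: Greg Kroah-Hartman` line indicates it went through a stable tree, so it is worth recording in the "Adjusted to apply to Debian's 2.6.26" line that the only difference from the stable version of commit 910c9e41186762de3717baaf392ab5ff0c454496 is the hunk offset, which makes the next rebase easier to verify.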

Modified: dists/lenny-security/linux-2.6/debian/patches/series/15lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/15lenny1	Sun May  3 18:59:15 2009	(r13537)
+++ dists/lenny-security/linux-2.6/debian/patches/series/15lenny1	Sun May  3 19:01:57 2009	(r13538)
@@ -12,3 +12,4 @@
 + bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
 + bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
 + bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
++ bugfix/all/unreached-code-in-selinux_ip_postroute_iptables_compat.patch
