[kernel] r14553 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Nov 4 21:20:38 UTC 2009
Author: dannf
Date: Wed Nov 4 21:20:36 2009
New Revision: 14553
Log:
net: fix information leak due to uninitialized structures in
getname functions (CVE-2009-3002)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch
- copied unchanged from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch
- copied unchanged from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch
- copied unchanged from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch
- copied unchanged from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Wed Nov 4 21:14:37 2009 (r14552)
+++ dists/etch-security/linux-2.6.24/debian/changelog Wed Nov 4 21:20:36 2009 (r14553)
@@ -20,6 +20,8 @@
* x86: Don't leak 64-bit kernel register values to 32-bit processes
(CVE-2009-2910)
* fix information leak in llc_ui_getname (CVE-2009-3001)
+ * net: fix information leak due to uninitialized structures in
+ getname functions (CVE-2009-3002)
-- dann frazier <dannf at debian.org> Tue, 27 Oct 2009 22:41:25 -0600
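Review bot: the new changelog entry for CVE-2009-3002 says only "getname functions" and does not name them. Listing econet_getname, irda_getname, nr_getname and rose_getname (the four patches added in this revision) would let a reader of the changelog tell exactly which address families this upload covers.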
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch Wed Nov 4 21:20:36 2009 (r14553, copy of r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit 80922bbb12a105f858a8f0abb879cb4302d0ecaa
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:48:36 2009 +0000
+
+ econet: Fix econet_getname() leak
+
+ econet_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
+index 2e1f836..f0bbc57 100644
+--- a/net/econet/af_econet.c
++++ b/net/econet/af_econet.c
+@@ -520,6 +520,7 @@ static int econet_getname(struct socket *sock, struct sockaddr *uaddr,
+ if (peer)
+ return -EOPNOTSUPP;
+
++ memset(sec, 0, sizeof(*sec));
+ mutex_lock(&econet_mutex);
+
+ sk = sock->sk;
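Review bot: the commit message in this patch header ("econet_getname() can leak kernel memory to user") does not say which bytes of the returned address were left unset, so the reason for zeroing all of *sec is undocumented; a sentence naming the unset fields or padding would help anyone auditing the backport. The memset(sec, 0, sizeof(*sec)) also relies on sec already pointing at the output buffer at that point, which is assigned above the context lines shown and is worth confirming in the 2.6.24 source.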
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch Wed Nov 4 21:20:36 2009 (r14553, copy of r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit 09384dfc76e526c3993c09c42e016372dc9dd22c
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:55:04 2009 +0000
+
+ irda: Fix irda_getname() leak
+
+ irda_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
+index cb762c8..3ec2b43 100644
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -714,6 +714,7 @@ static int irda_getname(struct socket *sock, struct sockaddr *uaddr,
+ struct sock *sk = sock->sk;
+ struct irda_sock *self = irda_sk(sk);
+
++ memset(&saddr, 0, sizeof(saddr));
+ if (peer) {
+ if (sk->sk_state != TCP_ESTABLISHED)
+ return -ENOTCONN;
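Review bot: memset(&saddr, 0, sizeof(saddr)) clears a local structure, so the fix holds only if the later copy from saddr into uaddr copies no more than sizeof(saddr) bytes; that copy lies outside the context lines and should be checked in the 2.6.24 tree. Placing the memset ahead of the if (peer) test is the right spot, since it covers both the peer and the local-name path.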
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch Wed Nov 4 21:20:36 2009 (r14553, copy of r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit f6b97b29513950bfbf621a83d85b6f86b39ec8db
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:31:07 2009 +0000
+
+ netrom: Fix nr_getname() leak
+
+ nr_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
+index ce51ce0..ce1a34b 100644
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -847,6 +847,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
+ sax->fsa_ax25.sax25_family = AF_NETROM;
+ sax->fsa_ax25.sax25_ndigis = 1;
+ sax->fsa_ax25.sax25_call = nr->user_addr;
++ memset(sax->fsa_digipeater, 0, sizeof(sax->fsa_digipeater));
+ sax->fsa_digipeater[0] = nr->dest_addr;
+ *uaddr_len = sizeof(struct full_sockaddr_ax25);
+ } else {
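Review bot: unlike the other three patches in this revision, which zero the whole structure, the memset here clears only sax->fsa_digipeater and sits inside the first branch, so the path after "} else {" and any padding within sax->fsa_ax25 are not touched by this hunk. Consider a single memset(sax, 0, sizeof(*sax)) ahead of the branch, or confirm that the else path initializes every byte it reports through *uaddr_len.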
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch Wed Nov 4 21:20:36 2009 (r14553, copy of r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit 17ac2e9c58b69a1e25460a568eae1b0dc0188c25
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:34:06 2009 +0000
+
+ rose: Fix rose_getname() leak
+
+ rose_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index f0a76f6..e5f478c 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -954,6 +954,7 @@ static int rose_getname(struct socket *sock, struct sockaddr *uaddr,
+ struct rose_sock *rose = rose_sk(sk);
+ int n;
+
++ memset(srose, 0, sizeof(*srose));
+ if (peer != 0) {
+ if (sk->sk_state != TCP_ESTABLISHED)
+ return -ENOTCONN;
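Review bot: memset(srose, 0, sizeof(*srose)) clears only as many bytes as the declared type of srose, and that declaration sits above the context lines. Check that this size is at least the address length rose_getname() reports back to the caller; if the function can report a larger structure than *srose, the tail of the returned address stays uninitialized.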
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Nov 4 21:14:37 2009 (r14552)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Nov 4 21:20:36 2009 (r14553)
@@ -14,3 +14,7 @@
+ bugfix/x86-64-slightly-stream-line-32-bit-syscall-entry-code.patch
+ bugfix/don-t-leak-64-bit-kernel-register-values-to-32-bit-processes.patch
+ bugfix/all/net-llc-zero-sockaddr_llc-struct.patch
++ bugfix/all/irda-fix-irda_getname-leak.patch
++ bugfix/all/rose-fix-rose_getname-leak.patch
++ bugfix/all/econet-fix-econet_getname-leak.patch
++ bugfix/all/netrom-fix-nr_getname-leak.patch
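Review bot: all four entries added here point at patches copied unchanged from lenny-security/linux-2.6, so it is worth confirming that each applies to the 2.6.24 source at the stated hunk positions without fuzz before the series is built. The entries are also listed as irda, rose, econet, netrom, while the Added list orders them econet, irda, netrom, rose; each patch touches a different file under net/, so the order does not change the result, but one consistent order makes the series easier to audit.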