[kernel] r14554 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Nov 4 21:23:21 UTC 2009 

Author: dannf
Date: Wed Nov  4 21:23:18 2009
New Revision: 14554

Log:
tc: Fix uninitialized kernel memory leak (CVE-2009-3228)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/tc-fix-pad-leak.patch
      - copied unchanged from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tc-fix-pad-leak.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Wed Nov  4 21:20:36 2009	(r14553)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Wed Nov  4 21:23:18 2009	(r14554)
@@ -22,6 +22,7 @@
   * fix information leak in llc_ui_getname (CVE-2009-3001)
   * net: fix information leak due to uninitialized structures in
     getname functions (CVE-2009-3002)
+  * tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
 
  -- dann frazier <dannf at debian.org>  Tue, 27 Oct 2009 22:41:25 -0600
 

Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/tc-fix-pad-leak.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tc-fix-pad-leak.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/tc-fix-pad-leak.patch	Wed Nov  4 21:23:18 2009	(r14554, copy of r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tc-fix-pad-leak.patch)
@@ -0,0 +1,26 @@
+commit 16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date:   Wed Sep 2 02:40:09 2009 +0000
+
+    tc: Fix unitialized kernel memory leak
+    
+    Three bytes of uninitialized kernel memory are currently leaked to user
+    
+    Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+    Reviewed-by: Jiri Pirko <jpirko at redhat.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/net/sched/sch_api.c linux-source-2.6.26/net/sched/sch_api.c
+--- linux-source-2.6.26.orig/net/sched/sch_api.c	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/sched/sch_api.c	2009-10-27 21:31:09.000000000 -0600
+@@ -1080,6 +1080,8 @@ static int tc_fill_tclass(struct sk_buff
+ 	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags);
+ 	tcm = NLMSG_DATA(nlh);
+ 	tcm->tcm_family = AF_UNSPEC;
++	tcm->tcm__pad1 = 0;
++	tcm->tcm__pad2 = 0;
+ 	tcm->tcm_ifindex = q->dev->ifindex;
+ 	tcm->tcm_parent = q->handle;
+ 	tcm->tcm_handle = q->handle;

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4	Wed Nov  4 21:20:36 2009	(r14553)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4	Wed Nov  4 21:23:18 2009	(r14554)
@@ -18,3 +18,4 @@
 + bugfix/all/rose-fix-rose_getname-leak.patch
 + bugfix/all/econet-fix-econet_getname-leak.patch
 + bugfix/all/netrom-fix-nr_getname-leak.patch
++ bugfix/all/tc-fix-pad-leak.patch

More information about the Kernel-svn-changes mailing list