[kernel] r14571 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Nov 5 02:44:49 UTC 2009
Author: dannf
Date: Thu Nov 5 02:44:47 2009
New Revision: 14571
Log:
net: fix information leak due to uninitialized structures in
getname functions (CVE-2009-3002)
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch
- copied unchanged from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch
dists/etch-security/linux-2.6/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch
- copied unchanged from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch
dists/etch-security/linux-2.6/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch
- copied unchanged from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch
dists/etch-security/linux-2.6/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch
- copied unchanged from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/26etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Thu Nov 5 02:42:37 2009 (r14570)
+++ dists/etch-security/linux-2.6/debian/changelog Thu Nov 5 02:44:47 2009 (r14571)
@@ -3,6 +3,8 @@
* [s390] Fix missing capability check in z90crypt driver (CVE-2009-1883)
* net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
* fix information leak in llc_ui_getname (CVE-2009-3001)
+ * net: fix information leak due to uninitialized structures in
+ getname functions (CVE-2009-3002)
-- dann frazier <dannf at debian.org> Tue, 15 Sep 2009 22:19:58 -0600
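Review bot: The new changelog entry at "net: fix information leak due to uninitialized structures in getname functions (CVE-2009-3002)" does not name the functions it covers, unlike the llc_ui_getname entry directly above it. Listing econet_getname, irda_getname, nr_getname and rose_getname (the four patches added to series/26etch1 in this revision) would let someone auditing the package confirm which address families are fixed without opening the series file.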
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch (from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch Thu Nov 5 02:44:47 2009 (r14571, copy of r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/econet-fix-econet_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit 80922bbb12a105f858a8f0abb879cb4302d0ecaa
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:48:36 2009 +0000
+
+ econet: Fix econet_getname() leak
+
+ econet_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
+index 2e1f836..f0bbc57 100644
+--- a/net/econet/af_econet.c
++++ b/net/econet/af_econet.c
+@@ -520,6 +520,7 @@ static int econet_getname(struct socket *sock, struct sockaddr *uaddr,
+ if (peer)
+ return -EOPNOTSUPP;
+
++ memset(sec, 0, sizeof(*sec));
+ mutex_lock(&econet_mutex);
+
+ sk = sock->sk;
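Review bot: The commit message says only that econet_getname() "can leak kernel memory to user" and does not say which bytes of *sec were left unset before the added memset(sec, 0, sizeof(*sec)). Naming them (unset fields, padding, or both) would let a backporter check that sizeof(*sec) is at least as large as the length reported back to the caller on this tree. Placing the memset after the early "return -EOPNOTSUPP" and before mutex_lock() is fine: the error path hands nothing back and the zeroing stays outside the critical section.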
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch (from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch Thu Nov 5 02:44:47 2009 (r14571, copy of r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/irda-fix-irda_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit 09384dfc76e526c3993c09c42e016372dc9dd22c
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:55:04 2009 +0000
+
+ irda: Fix irda_getname() leak
+
+ irda_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
+index cb762c8..3ec2b43 100644
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -714,6 +714,7 @@ static int irda_getname(struct socket *sock, struct sockaddr *uaddr,
+ struct sock *sk = sock->sk;
+ struct irda_sock *self = irda_sk(sk);
+
++ memset(&saddr, 0, sizeof(saddr));
+ if (peer) {
+ if (sk->sk_state != TCP_ESTABLISHED)
+ return -ENOTCONN;
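Review bot: The added memset(&saddr, 0, sizeof(saddr)) above "if (peer) {" has no comment explaining why a full memset is required, and since saddr is a local (the hunk takes its address) it is an obvious candidate for a later cleanup into an aggregate initializer. An initializer is not guaranteed to clear padding bytes, so that cleanup could reintroduce the leak; a one-line comment such as "clear padding and unused fields before copying to user" would protect it. The memset also runs on the -ENOTCONN return, where saddr is never used, which is harmless.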
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch (from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch Thu Nov 5 02:44:47 2009 (r14571, copy of r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/netrom-fix-nr_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit f6b97b29513950bfbf621a83d85b6f86b39ec8db
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:31:07 2009 +0000
+
+ netrom: Fix nr_getname() leak
+
+ nr_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
+index ce51ce0..ce1a34b 100644
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -847,6 +847,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
+ sax->fsa_ax25.sax25_family = AF_NETROM;
+ sax->fsa_ax25.sax25_ndigis = 1;
+ sax->fsa_ax25.sax25_call = nr->user_addr;
++ memset(sax->fsa_digipeater, 0, sizeof(sax->fsa_digipeater));
+ sax->fsa_digipeater[0] = nr->dest_addr;
+ *uaddr_len = sizeof(struct full_sockaddr_ax25);
+ } else {
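Review bot: This fix clears only sax->fsa_digipeater, and only in the branch shown before "} else {", whereas the econet, irda and rose patches in this same revision zero the whole structure. Nothing in the hunk shows the else branch being covered, and any padding inside sax->fsa_ax25 is not touched by a memset limited to fsa_digipeater. A single memset(sax, 0, sizeof(*sax)) ahead of the branch would cover both paths and any padding, and would match the other three patches; if the narrower memset is intentional, the commit message should say why the remaining bytes are known to be initialized.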
Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch (from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch Thu Nov 5 02:44:47 2009 (r14571, copy of r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/rose-fix-rose_getname-leak.patch)
@@ -0,0 +1,23 @@
+commit 17ac2e9c58b69a1e25460a568eae1b0dc0188c25
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu Aug 6 03:34:06 2009 +0000
+
+ rose: Fix rose_getname() leak
+
+ rose_getname() can leak kernel memory to user.
+
+ Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index f0a76f6..e5f478c 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -954,6 +954,7 @@ static int rose_getname(struct socket *sock, struct sockaddr *uaddr,
+ struct rose_sock *rose = rose_sk(sk);
+ int n;
+
++ memset(srose, 0, sizeof(*srose));
+ if (peer != 0) {
+ if (sk->sk_state != TCP_ESTABLISHED)
+ return -ENOTCONN;
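Review bot: The added memset(srose, 0, sizeof(*srose)) sits above "if (peer != 0) {", so it writes through srose even when the function then returns -ENOTCONN, while the econet patch in this revision places its memset after the early error return. Writing zeros on the error path is harmless, but moving the memset below the sk_state check would keep the output buffer untouched on failure and make the four fixes consistent. It is also worth confirming on this tree that sizeof(*srose) is not smaller than the length the function reports back, since the hunk does not show that assignment.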
Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch1 Thu Nov 5 02:42:37 2009 (r14570)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch1 Thu Nov 5 02:44:47 2009 (r14571)
@@ -1,3 +1,7 @@
+ bugfix/s390/z90crypt-missing-cap-check.patch
+ bugfix/all/net-ax25-fix-signed-comparison-in-the-sockopt-handler.patch
+ bugfix/all/net-llc-zero-sockaddr_llc-struct.patch
++ bugfix/all/irda-fix-irda_getname-leak.patch
++ bugfix/all/rose-fix-rose_getname-leak.patch
++ bugfix/all/econet-fix-econet_getname-leak.patch
++ bugfix/all/netrom-fix-nr_getname-leak.patch