[kernel] r14572 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Nov 5 02:47:05 UTC 2009 

Author: dannf
Date: Thu Nov  5 02:47:04 2009
New Revision: 14572

Log:
tc: Fix uninitialized kernel memory leak (CVE-2009-3228)

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/tc-fix-pad-leak.patch
      - copied unchanged from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/tc-fix-pad-leak.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/26etch1

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	Thu Nov  5 02:44:47 2009	(r14571)
+++ dists/etch-security/linux-2.6/debian/changelog	Thu Nov  5 02:47:04 2009	(r14572)
@@ -5,6 +5,7 @@
   * fix information leak in llc_ui_getname (CVE-2009-3001)
   * net: fix information leak due to uninitialized structures in
     getname functions (CVE-2009-3002)
+  * tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
 
  -- dann frazier <dannf at debian.org>  Tue, 15 Sep 2009 22:19:58 -0600
 

Copied: dists/etch-security/linux-2.6/debian/patches/bugfix/all/tc-fix-pad-leak.patch (from r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/tc-fix-pad-leak.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/tc-fix-pad-leak.patch	Thu Nov  5 02:47:04 2009	(r14572, copy of r14564, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/tc-fix-pad-leak.patch)
@@ -0,0 +1,26 @@
+commit 16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b
+Author: Eric Dumazet <eric.dumazet at gmail.com>
+Date:   Wed Sep 2 02:40:09 2009 +0000
+
+    tc: Fix unitialized kernel memory leak
+    
+    Three bytes of uninitialized kernel memory are currently leaked to user
+    
+    Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+    Reviewed-by: Jiri Pirko <jpirko at redhat.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/net/sched/sch_api.c linux-source-2.6.26/net/sched/sch_api.c
+--- linux-source-2.6.26.orig/net/sched/sch_api.c	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/sched/sch_api.c	2009-10-27 21:31:09.000000000 -0600
+@@ -1080,6 +1080,8 @@ static int tc_fill_tclass(struct sk_buff
+ 	nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags);
+ 	tcm = NLMSG_DATA(nlh);
+ 	tcm->tcm_family = AF_UNSPEC;
++	tcm->tcm__pad1 = 0;
++	tcm->tcm__pad2 = 0;
+ 	tcm->tcm_ifindex = q->dev->ifindex;
+ 	tcm->tcm_parent = q->handle;
+ 	tcm->tcm_handle = q->handle;

Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch1	Thu Nov  5 02:44:47 2009	(r14571)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch1	Thu Nov  5 02:47:04 2009	(r14572)
@@ -5,3 +5,4 @@
 + bugfix/all/rose-fix-rose_getname-leak.patch
 + bugfix/all/econet-fix-econet_getname-leak.patch
 + bugfix/all/netrom-fix-nr_getname-leak.patch
++ bugfix/all/tc-fix-pad-leak.patch

More information about the Kernel-svn-changes mailing list