[kernel] r14675 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Nov 25 05:03:06 UTC 2009 

Author: dannf
Date: Wed Nov 25 05:03:01 2009
New Revision: 14675

Log:
[SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)

Added:
   dists/lenny/linux-2.6/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
Modified:
   dists/lenny/linux-2.6/debian/changelog
   dists/lenny/linux-2.6/debian/patches/series/21

Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog	Tue Nov 24 19:06:37 2009	(r14674)
+++ dists/lenny/linux-2.6/debian/changelog	Wed Nov 25 05:03:01 2009	(r14675)
@@ -19,6 +19,7 @@
     (Closes: #332942)
   * igb: Add 82576 MAC support (Closes: #522922), backport
     by Ben Hutchings
+  * [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 24 Oct 2009 23:45:45 +0100
 

Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch	Wed Nov 25 05:03:01 2009	(r14675)
@@ -0,0 +1,26 @@
+commit 690e744869f3262855b83b4fb59199cf142765b0
+Author: Dave Jones <davej at redhat.com>
+Date:   Mon Oct 19 19:55:13 2009 -0400
+
+    [SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
+    
+    A negative offset could be used to index before the event buffer and
+    lead to a security breach.
+    
+    Signed-off-by: Dave Jones <davej at redhat.com>
+    Cc: Stable Tree <stable at kernel.org>
+    Signed-off-by: James Bottomley <James.Bottomley at suse.de>
+
+diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
+index 185e6bc..9e8fce0 100644
+--- a/drivers/scsi/gdth.c
++++ b/drivers/scsi/gdth.c
+@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
+         eindex = handle;
+     estr->event_source = 0;
+ 
+-    if (eindex >= MAX_EVENTS) {
++    if (eindex < 0 || eindex >= MAX_EVENTS) {
+         spin_unlock_irqrestore(&ha->smp_lock, flags);
+         return eindex;
+     }

Modified: dists/lenny/linux-2.6/debian/patches/series/21
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/21	Tue Nov 24 19:06:37 2009	(r14674)
+++ dists/lenny/linux-2.6/debian/patches/series/21	Wed Nov 25 05:03:01 2009	(r14675)
@@ -28,3 +28,4 @@
 + bugfix/all/usbnet-link-down-initially-for-drivers-that-update.patch
 + bugfix/all/floppy-request-and-release-only-the-ports-we-actually-use.patch
 + features/all/igb-add-82576-MAC-support.patch
++ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch

More information about the Kernel-svn-changes mailing list