[kernel] r14395 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Fri Oct 16 22:17:03 UTC 2009
Author: dannf
Date: Fri Oct 16 22:17:02 2009
New Revision: 14395
Log:
NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
union (CVE-2009-3286)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/19lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Fri Oct 16 22:09:39 2009 (r14394)
+++ dists/lenny-security/linux-2.6/debian/changelog Fri Oct 16 22:17:02 2009 (r14395)
@@ -14,6 +14,8 @@
* net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
* x86: Don't leak 64-bit kernel register values to 32-bit processes
(CVE-2009-2910)
+ * NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
+ union (CVE-2009-3286)
-- dann frazier <dannf at debian.org> Tue, 15 Sep 2009 22:54:06 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch Fri Oct 16 22:17:02 2009 (r14395)
@@ -0,0 +1,29 @@
+un-union iattr & verf, from 79fb54abd285b442e1f30f851902f3ddf58e7704
+
+diff -urpN linux-source-2.6.26.orig/include/linux/nfsd/xdr4.h linux-source-2.6.26/include/linux/nfsd/xdr4.h
+--- linux-source-2.6.26.orig/include/linux/nfsd/xdr4.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/linux/nfsd/xdr4.h 2009-10-15 23:55:47.000000000 -0600
+@@ -207,10 +207,8 @@ struct nfsd4_open {
+ u32 op_create; /* request */
+ u32 op_createmode; /* request */
+ u32 op_bmval[2]; /* request */
+- union { /* request */
+- struct iattr iattr; /* UNCHECKED4,GUARDED4 */
+- nfs4_verifier verf; /* EXCLUSIVE4 */
+- } u;
++ struct iattr iattr; /* UNCHECKED4, GUARDED4, EXCLUSIVE4_1 */
++ nfs4_verifier verf; /* EXCLUSIVE4 */
+ clientid_t op_clientid; /* request */
+ struct xdr_netobj op_owner; /* request */
+ u32 op_seqid; /* request */
+@@ -224,8 +222,8 @@ struct nfsd4_open {
+ struct nfs4_stateowner *op_stateowner; /* used during processing */
+ struct nfs4_acl *op_acl;
+ };
+-#define op_iattr u.iattr
+-#define op_verf u.verf
++#define op_iattr iattr
++#define op_verf verf
+
+ struct nfsd4_open_confirm {
+ stateid_t oc_req_stateid /* request */;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/19lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/19lenny1 Fri Oct 16 22:09:39 2009 (r14394)
+++ dists/lenny-security/linux-2.6/debian/patches/series/19lenny1 Fri Oct 16 22:17:02 2009 (r14395)
@@ -16,3 +16,4 @@
+ bugfix/all/net-ax25-fix-signed-comparison-in-the-sockopt-handler.patch
+ bugfix/x86/x86-64-slightly-stream-line-32-bit-syscall-entry-code.patch
+ bugfix/x86/don-t-leak-64-bit-kernel-register-values-to-32-bit-processes.patch
++ bugfix/all/nfsd4-de-union-iattr-and-verf.patch
More information about the Kernel-svn-changes
mailing list