[kernel] r14483 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Oct 28 05:36:23 UTC 2009
Author: dannf
Date: Wed Oct 28 05:36:21 2009
New Revision: 14483
Log:
md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
attributes (CVE-2009-2849)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
- copied unchanged from r14470, dists/etch-security/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Wed Oct 28 05:31:05 2009 (r14482)
+++ dists/etch-security/linux-2.6.24/debian/changelog Wed Oct 28 05:36:21 2009 (r14483)
@@ -4,6 +4,8 @@
* do_sigaltstack: avoid copying 'stack_t' as a structure to user space
(CVE-2009-2847)
* execve: must clear current->clear_child_tid (CVE-2009-2848)
+ * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
+ attributes (CVE-2009-2849)
-- dann frazier <dannf at debian.org> Tue, 27 Oct 2009 22:41:25 -0600
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch (from r14470, dists/etch-security/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch Wed Oct 28 05:36:21 2009 (r14483, copy of r14470, dists/etch-security/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch)
@@ -0,0 +1,39 @@
+commit b8d966efd9a46a9a35beac50cbff6e30565125ef
+Author: NeilBrown <neilb at suse.de>
+Date: Wed Jul 1 11:14:04 2009 +1000
+
+ md: avoid dereferencing NULL pointer when accessing suspend_* sysfs attributes.
+
+ If we try to modify one of the md/ sysfs files
+ suspend_lo or suspend_hi
+ when the array is not active, we dereference a NULL.
+ Protect against that.
+
+ Cc: stable at kernel.org
+ Signed-off-by: NeilBrown <neilb at suse.de>
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/drivers/md/md.c linux-source-2.6.18/drivers/md/md.c
+--- linux-source-2.6.18.orig/drivers/md/md.c 2009-08-15 12:05:07.000000000 -0600
++++ linux-source-2.6.18/drivers/md/md.c 2009-08-20 15:02:27.000000000 -0600
+@@ -2772,7 +2772,8 @@ suspend_lo_store(mddev_t *mddev, const c
+ char *e;
+ unsigned long long new = simple_strtoull(buf, &e, 10);
+
+- if (mddev->pers->quiesce == NULL)
++ if (mddev->pers == NULL ||
++ mddev->pers->quiesce == NULL)
+ return -EINVAL;
+ if (buf == e || (*e && *e != '\n'))
+ return -EINVAL;
+@@ -2800,7 +2801,8 @@ suspend_hi_store(mddev_t *mddev, const c
+ char *e;
+ unsigned long long new = simple_strtoull(buf, &e, 10);
+
+- if (mddev->pers->quiesce == NULL)
++ if (mddev->pers == NULL ||
++ mddev->pers->quiesce == NULL)
+ return -EINVAL;
+ if (buf == e || (*e && *e != '\n'))
+ return -EINVAL;
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Oct 28 05:31:05 2009 (r14482)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Oct 28 05:36:21 2009 (r14483)
@@ -1,3 +1,4 @@
+ bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch
+ bugfix/all/do_sigaltstack-avoid-copying-stack_t-as-a-structure-to-userspace.patch
+ bugfix/all/execve-must-clear-current-clear_child_tid.patch
++ bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
More information about the Kernel-svn-changes
mailing list