[kernel] r14244 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/s390 patches/series

Dann Frazier dannf at alioth.debian.org
Wed Sep 16 04:23:20 UTC 2009 

Author: dannf
Date: Wed Sep 16 04:23:18 2009
New Revision: 14244

Log:
[s390] Fix missing capability check in z90crypt driver (CVE-2009-1883)

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/s390/z90crypt-missing-cap-check.patch
   dists/etch-security/linux-2.6/debian/patches/series/24etch5
Modified:
   dists/etch-security/linux-2.6/debian/changelog

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	Tue Sep 15 19:48:37 2009	(r14243)
+++ dists/etch-security/linux-2.6/debian/changelog	Wed Sep 16 04:23:18 2009	(r14244)
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.18.dfsg.1-24etch5) UNRELEASED; urgency=high
+
+  * [s390] Fix missing capability check in z90crypt driver (CVE-2009-1883)
+
+ -- dann frazier <dannf at debian.org>  Tue, 15 Sep 2009 22:19:58 -0600
+
 linux-2.6 (2.6.18.dfsg.1-24etch4) oldstable-security; urgency=high
 
   * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/s390/z90crypt-missing-cap-check.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/s390/z90crypt-missing-cap-check.patch	Wed Sep 16 04:23:18 2009	(r14244)
@@ -0,0 +1,16 @@
+diff --git a/drivers/s390/crypto/z90main.c b/drivers/s390/crypto/z90main.c
+index 2e904ab..648310f 100644
+--- a/drivers/s390/crypto/z90main.c
++++ b/drivers/s390/crypto/z90main.c
+@@ -1968,9 +1968,8 @@ z90crypt_ioctl(struct inode *inode, struct file *filp,
+ 		break;
+ 
+ 	case Z90QUIESCE:
+-		if (current->euid != 0) {
+-			PRINTK("QUIESCE fails: euid %d\n",
+-			       current->euid);
++		if (!capable(CAP_SYS_ADMIN)) {
++			PRINTK("QUIESCE fails: No admin privileges!\n");
+ 			ret = -EACCES;
+ 		} else {
+ 			PRINTK("QUIESCE device from PID %d\n", PID());

Added: dists/etch-security/linux-2.6/debian/patches/series/24etch5
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch5	Wed Sep 16 04:23:18 2009	(r14244)
@@ -0,0 +1 @@
++ bugfix/s390/z90crypt-missing-cap-check.patch

More information about the Kernel-svn-changes mailing list