[kernel] r15071 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 1 02:44:47 UTC 2010
Author: dannf
Date: Mon Feb 1 02:44:46 2010
New Revision: 15071
Log:
[SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
- copied unchanged from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 02:42:03 2010 (r15070)
+++ dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 02:44:46 2010 (r15071)
@@ -4,6 +4,7 @@
(CVE-2009-2691)
* selinux: prevent local users from bypassing mmap_min_addr
in unconfined domains (CVE-2009-2695)
+ * [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
-- dann frazier <dannf at debian.org> Sun, 31 Jan 2010 17:17:52 -0700
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch Mon Feb 1 02:44:46 2010 (r15071, copy of r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch)
@@ -0,0 +1,26 @@
+commit 690e744869f3262855b83b4fb59199cf142765b0
+Author: Dave Jones <davej at redhat.com>
+Date: Mon Oct 19 19:55:13 2009 -0400
+
+ [SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
+
+ A negative offset could be used to index before the event buffer and
+ lead to a security breach.
+
+ Signed-off-by: Dave Jones <davej at redhat.com>
+ Cc: Stable Tree <stable at kernel.org>
+ Signed-off-by: James Bottomley <James.Bottomley at suse.de>
+
+diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
+index 185e6bc..9e8fce0 100644
+--- a/drivers/scsi/gdth.c
++++ b/drivers/scsi/gdth.c
+@@ -2900,7 +2900,7 @@ static int gdth_read_event(gdth_ha_str *ha, int handle, gdth_evt_str *estr)
+ eindex = handle;
+ estr->event_source = 0;
+
+- if (eindex >= MAX_EVENTS) {
++ if (eindex < 0 || eindex >= MAX_EVENTS) {
+ spin_unlock_irqrestore(&ha->smp_lock, flags);
+ return eindex;
+ }
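Review bot: The rejection branch still ends in `return eindex;`, so with the added `eindex < 0` test a negative handle supplied by the caller is now handed straight back as the function's result. It is worth confirming that every caller of gdth_read_event() treats any return value outside 0..MAX_EVENTS-1 as "no event" and never reuses it as an index. Returning a fixed sentinel from this branch would make that explicit. The commit message could also name the ioctl path through which `handle` arrives, since "lead to a security breach" does not tell a backporter what is exposed by indexing before the event buffer.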
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 02:42:03 2010 (r15070)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 02:44:46 2010 (r15071)
@@ -5,3 +5,4 @@
+ bugfix/all/security-seperate-lsm-specific-mmap_min_addr.patch
+ bugfix/all/security-seperate-lsm-specific-mmap_min_addr-abi.patch
+ bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch
++ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch