[kernel] r15073 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 1 02:54:03 UTC 2010
Author: dannf
Date: Mon Feb 1 02:54:02 2010
New Revision: 15073
Log:
[SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
(CVE-2009-3889)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
- copied, changed from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 02:49:42 2010 (r15072)
+++ dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 02:54:02 2010 (r15073)
@@ -7,6 +7,8 @@
* [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
* NFSv4: Fix a problem whereby a buggy server can oops the kernel
(CVE-2009-3726)
+ * [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
+ (CVE-2009-3889)
-- dann frazier <dannf at debian.org> Sun, 31 Jan 2010 17:17:52 -0700
Copied and modified: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch)
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch Sun Jan 31 21:26:06 2010 (r15068, copy source)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch Mon Feb 1 02:54:02 2010 (r15073)
@@ -16,16 +16,17 @@
Acked-by: "Yang, Bo" <Bo.Yang at lsi.com>
Signed-off-by: James Bottomley <James.Bottomley at HansenPartnership.com>
-diff --git a/drivers/scsi/megaraid/megaraid_sas.c b/drivers/scsi/megaraid/megaraid_sas.c
-index 870dc1c..97b7633 100644
---- a/drivers/scsi/megaraid/megaraid_sas.c
-+++ b/drivers/scsi/megaraid/megaraid_sas.c
-@@ -3405,7 +3405,7 @@ megasas_sysfs_set_dbg_lvl(struct device_driver *dd, const char *buf, size_t coun
+Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.24.orig/drivers/scsi/megaraid/megaraid_sas.c linux-source-2.6.24/drivers/scsi/megaraid/megaraid_sas.c
+--- linux-source-2.6.24.orig/drivers/scsi/megaraid/megaraid_sas.c 2008-01-24 15:58:37.000000000 -0700
++++ linux-source-2.6.24/drivers/scsi/megaraid/megaraid_sas.c 2010-01-31 19:51:22.000000000 -0700
+@@ -3018,7 +3018,7 @@ megasas_sysfs_set_dbg_lvl(struct device_
return retval;
}
-static DRIVER_ATTR(dbg_lvl, S_IRUGO|S_IWUGO, megasas_sysfs_show_dbg_lvl,
+static DRIVER_ATTR(dbg_lvl, S_IRUGO|S_IWUSR, megasas_sysfs_show_dbg_lvl,
- megasas_sysfs_set_dbg_lvl);
+ megasas_sysfs_set_dbg_lvl);
- static ssize_t
+ /**
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 02:49:42 2010 (r15072)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 02:54:02 2010 (r15073)
@@ -7,3 +7,4 @@
+ bugfix/all/security-define-round_hint_to_min-when-CONFIG_SECURITY-is-off.patch
+ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
+ bugfix/all/nfsv4-buggy-server-oops.patch
++ bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
More information about the Kernel-svn-changes
mailing list