[kernel] r15074 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 1 02:55:44 UTC 2010
Author: dannf
Date: Mon Feb 1 02:55:42 2010
New Revision: 15074
Log:
isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
- copied unchanged from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 02:54:02 2010 (r15073)
+++ dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 02:55:42 2010 (r15074)
@@ -9,6 +9,7 @@
(CVE-2009-3726)
* [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
(CVE-2009-3889)
+ * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
-- dann frazier <dannf at debian.org> Sun, 31 Jan 2010 17:17:52 -0700
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch Mon Feb 1 02:55:42 2010 (r15074, copy of r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch)
@@ -0,0 +1,28 @@
+commit 286e633ef0ff5bb63c07b4516665da8004966fec
+Author: Roel Kluin <roel.kluin at gmail.com>
+Date: Wed Nov 4 08:31:59 2009 -0800
+
+ isdn: hfc_usb: Fix read buffer overflow
+
+ Check whether index is within bounds before testing the element.
+
+ Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
+ Cc: Karsten Keil <isdn at linux-pingi.de>
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/drivers/isdn/hisax/hfc_usb.c b/drivers/isdn/hisax/hfc_usb.c
+index 9de5420..a420b64 100644
+--- a/drivers/isdn/hisax/hfc_usb.c
++++ b/drivers/isdn/hisax/hfc_usb.c
+@@ -817,8 +817,8 @@ collect_rx_frame(usb_fifo * fifo, __u8 * data, int len, int finish)
+ }
+ /* we have a complete hdlc packet */
+ if (finish) {
+- if ((!fifo->skbuff->data[fifo->skbuff->len - 1])
+- && (fifo->skbuff->len > 3)) {
++ if (fifo->skbuff->len > 3 &&
++ !fifo->skbuff->data[fifo->skbuff->len - 1]) {
+
+ if (fifon == HFCUSB_D_RX) {
+ DBG(HFCUSB_DBG_DCHANNEL,
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 02:54:02 2010 (r15073)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 02:55:42 2010 (r15074)
@@ -8,3 +8,4 @@
+ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
+ bugfix/all/nfsv4-buggy-server-oops.patch
+ bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
++ bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
More information about the Kernel-svn-changes
mailing list