[kernel] r15074 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Feb 1 02:55:44 UTC 2010


Author: dannf
Date: Mon Feb  1 02:55:42 2010
New Revision: 15074

Log:
isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)

Added:
   dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
      - copied unchanged from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
Modified:
   dists/etch-security/linux-2.6.24/debian/changelog
   dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2

Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog	Mon Feb  1 02:54:02 2010	(r15073)
+++ dists/etch-security/linux-2.6.24/debian/changelog	Mon Feb  1 02:55:42 2010	(r15074)
@@ -9,6 +9,7 @@
     (CVE-2009-3726)
   * [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
     (CVE-2009-3889)
+  * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
 
  -- dann frazier <dannf at debian.org>  Sun, 31 Jan 2010 17:17:52 -0700
 

Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch	Mon Feb  1 02:55:42 2010	(r15074, copy of r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch)
@@ -0,0 +1,28 @@
+commit 286e633ef0ff5bb63c07b4516665da8004966fec
+Author: Roel Kluin <roel.kluin at gmail.com>
+Date:   Wed Nov 4 08:31:59 2009 -0800
+
+    isdn: hfc_usb: Fix read buffer overflow
+    
+    Check whether index is within bounds before testing the element.
+    
+    Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
+    Cc: Karsten Keil <isdn at linux-pingi.de>
+    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/drivers/isdn/hisax/hfc_usb.c b/drivers/isdn/hisax/hfc_usb.c
+index 9de5420..a420b64 100644
+--- a/drivers/isdn/hisax/hfc_usb.c
++++ b/drivers/isdn/hisax/hfc_usb.c
+@@ -817,8 +817,8 @@ collect_rx_frame(usb_fifo * fifo, __u8 * data, int len, int finish)
+ 	}
+ 	/* we have a complete hdlc packet */
+ 	if (finish) {
+-		if ((!fifo->skbuff->data[fifo->skbuff->len - 1])
+-		    && (fifo->skbuff->len > 3)) {
++		if (fifo->skbuff->len > 3 &&
++				!fifo->skbuff->data[fifo->skbuff->len - 1]) {
+ 
+ 			if (fifon == HFCUSB_D_RX) {
+ 				DBG(HFCUSB_DBG_DCHANNEL,
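
Review bot: The reordered test in the `if (finish)` branch now depends on `&&` short-circuiting to keep `fifo->skbuff->data[fifo->skbuff->len - 1]` from being read when `len` is 3 or less, but neither the code nor the commit message says so; the message only states "Check whether index is within bounds before testing the element". A one-line comment above the condition, noting that the length check must come first because `len - 1` is used as an index, would stop a later cleanup from swapping the operands back. The message would also be easier to track if it named the case being fixed, such as an empty skb where `len - 1` falls outside the data. Note too that the CVE id appears only in the Debian changelog entry, not in the patch header, so the patch file on its own cannot be traced to CVE-2009-4005.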

Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2	Mon Feb  1 02:54:02 2010	(r15073)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2	Mon Feb  1 02:55:42 2010	(r15074)
@@ -8,3 +8,4 @@
 + bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
 + bugfix/all/nfsv4-buggy-server-oops.patch
 + bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
++ bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
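
Review bot: The new series entry pulls in a patch that the log describes as copied unchanged from the lenny-security linux-2.6 tree, and its hunk is anchored at line 817 of drivers/isdn/hisax/hfc_usb.c; nothing in this revision records that it was checked against the 2.6.24 source. It is worth confirming that the hunk applies to 2.6.24's collect_rx_frame() without offset or fuzz, and saying so in the log or the changelog entry.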


