[kernel] r15132 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 8 23:34:44 UTC 2010
Author: dannf
Date: Mon Feb 8 23:34:42 2010
New Revision: 15132
Log:
Fix potential crash with sys_move_pages (CVE-2010-0415)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Sun Feb 7 17:31:57 2010 (r15131)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Feb 8 23:34:42 2010 (r15132)
@@ -3,6 +3,7 @@
* Additional fixes for CVE-2010-0307
* KVM: PIT: control word is write-only (CVE-2010-0309)
* connector: Delete buggy notification code. (CVE-2010-0410)
+ * Fix potential crash with sys_move_pages (CVE-2010-0415)
-- dann frazier <dannf at debian.org> Thu, 04 Feb 2010 17:43:31 -0700
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch Mon Feb 8 23:34:42 2010 (r15132)
@@ -0,0 +1,32 @@
+commit 6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date: Fri Feb 5 16:16:50 2010 -0800
+
+ Fix potential crash with sys_move_pages
+
+ We incorrectly depended on the 'node_state/node_isset()' functions
+ testing the node range, rather than checking it explicitly. That's not
+ reliable, even if it might often happen to work. So do the proper
+ explicit test.
+
+ Reported-by: Marcus Meissner <meissner at suse.de>
+ Acked-and-tested-by: Brice Goglin <Brice.Goglin at inria.fr>
+ Acked-by: Hugh Dickins <hugh.dickins at tiscali.co.uk>
+ Cc: stable at kernel.org
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/mm/migrate.c linux-source-2.6.26/mm/migrate.c
+--- linux-source-2.6.26.orig/mm/migrate.c 2009-12-26 01:14:56.000000000 -0700
++++ linux-source-2.6.26/mm/migrate.c 2010-02-08 13:21:04.000000000 -0700
+@@ -1040,6 +1040,9 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid,
+ goto out;
+
+ err = -ENODEV;
++ if (node < 0 || node >= MAX_NUMNODES)
++ goto out;
++
+ if (!node_state(node, N_HIGH_MEMORY))
+ goto out;
+
Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny3 Sun Feb 7 17:31:57 2010 (r15131)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny3 Mon Feb 8 23:34:42 2010 (r15132)
@@ -3,3 +3,4 @@
+ bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch
+ bugfix/x86/kvm-pit-control-word-is-write-only.patch
+ bugfix/all/connector-delete-buggy-notification-code.patch
++ bugfix/all/fix-potential-crash-with-sys_move_pages.patch
More information about the Kernel-svn-changes
mailing list