[kernel] r15132 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Feb 8 23:34:44 UTC 2010 

Author: dannf
Date: Mon Feb  8 23:34:42 2010
New Revision: 15132

Log:
Fix potential crash with sys_move_pages (CVE-2010-0415)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/21lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Sun Feb  7 17:31:57 2010	(r15131)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Feb  8 23:34:42 2010	(r15132)
@@ -3,6 +3,7 @@
   * Additional fixes for CVE-2010-0307
   * KVM: PIT: control word is write-only (CVE-2010-0309)
   * connector: Delete buggy notification code. (CVE-2010-0410)
+  * Fix potential crash with sys_move_pages (CVE-2010-0415)
 
  -- dann frazier <dannf at debian.org>  Thu, 04 Feb 2010 17:43:31 -0700
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fix-potential-crash-with-sys_move_pages.patch	Mon Feb  8 23:34:42 2010	(r15132)
@@ -0,0 +1,32 @@
+commit 6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0
+Author: Linus Torvalds <torvalds at linux-foundation.org>
+Date:   Fri Feb 5 16:16:50 2010 -0800
+
+    Fix potential crash with sys_move_pages
+    
+    We incorrectly depended on the 'node_state/node_isset()' functions
+    testing the node range, rather than checking it explicitly.  That's not
+    reliable, even if it might often happen to work.  So do the proper
+    explicit test.
+    
+    Reported-by: Marcus Meissner <meissner at suse.de>
+    Acked-and-tested-by: Brice Goglin <Brice.Goglin at inria.fr>
+    Acked-by: Hugh Dickins <hugh.dickins at tiscali.co.uk>
+    Cc: stable at kernel.org
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/mm/migrate.c linux-source-2.6.26/mm/migrate.c
+--- linux-source-2.6.26.orig/mm/migrate.c	2009-12-26 01:14:56.000000000 -0700
++++ linux-source-2.6.26/mm/migrate.c	2010-02-08 13:21:04.000000000 -0700
+@@ -1040,6 +1040,9 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, 
+ 				goto out;
+ 
+ 			err = -ENODEV;
++			if (node < 0 || node >= MAX_NUMNODES)
++				goto out;
++
+ 			if (!node_state(node, N_HIGH_MEMORY))
+ 				goto out;
+ 

Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny3	Sun Feb  7 17:31:57 2010	(r15131)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny3	Mon Feb  8 23:34:42 2010	(r15132)
@@ -3,3 +3,4 @@
 + bugfix/sparc/sparc-tif_abi_pending-bit-removal.patch
 + bugfix/x86/kvm-pit-control-word-is-write-only.patch
 + bugfix/all/connector-delete-buggy-notification-code.patch
++ bugfix/all/fix-potential-crash-with-sys_move_pages.patch

More information about the Kernel-svn-changes mailing list