[kernel] r15146 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Fri Feb 12 00:16:16 UTC 2010 

Author: dannf
Date: Fri Feb 12 00:16:12 2010
New Revision: 15146

Log:
futex: Handle user space corruption gracefully (CVE-2010-0622)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch
   dists/lenny-security/linux-2.6/debian/patches/series/21lenny4
Modified:
   dists/lenny-security/linux-2.6/debian/changelog

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Thu Feb 11 11:54:45 2010	(r15145)
+++ dists/lenny-security/linux-2.6/debian/changelog	Fri Feb 12 00:16:12 2010	(r15146)
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.26-21lenny4) UNRELEASED; urgency=low
+
+  * futex: Handle user space corruption gracefully (CVE-2010-0622)
+
+ -- dann frazier <dannf at debian.org>  Thu, 11 Feb 2010 17:14:23 -0700
+
 linux-2.6 (2.6.26-21lenny3) stable-security; urgency=high
 
   * Additional fixes for CVE-2010-0307

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/futex-handle-user-space-corruption-gracefully.patch	Fri Feb 12 00:16:12 2010	(r15146)
@@ -0,0 +1,30 @@
+commit 984ae3529bd00eaa1b6d62e404a5c64b14ac05ed
+Author: dann frazier <dannf at hp.com>
+Date:   Thu Feb 11 17:07:25 2010 -0700
+
+    [Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>]
+    
+      commit 51246bfd189064079c54421507236fd2723b18f3
+      Author: Thomas Gleixner <tglx at linutronix.de>
+      Date:   Tue Feb 2 11:40:27 2010 +0100
+    
+          futex: Handle user space corruption gracefully
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index ec84da5..a316902 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -630,6 +630,13 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this)
+ 	if (!pi_state)
+ 		return -EINVAL;
+ 
++	/*
++	 * If current does not own the pi_state then the futex is
++	 * inconsistent and user space fiddled with the futex value.
++	 */
++	if (pi_state->owner != current)
++		return -EINVAL;
++
+ 	spin_lock(&pi_state->pi_mutex.wait_lock);
+ 	new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
+ 

Added: dists/lenny-security/linux-2.6/debian/patches/series/21lenny4
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny4	Fri Feb 12 00:16:12 2010	(r15146)
@@ -0,0 +1 @@
++ bugfix/all/futex-handle-user-space-corruption-gracefully.patch

More information about the Kernel-svn-changes mailing list