[kernel] r15159 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Feb 16 01:54:14 UTC 2010
Author: dannf
Date: Tue Feb 16 01:54:12 2010
New Revision: 15159
Log:
isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/26etch2
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Tue Feb 16 01:52:17 2010 (r15158)
+++ dists/etch-security/linux-2.6/debian/changelog Tue Feb 16 01:54:12 2010 (r15159)
@@ -3,6 +3,7 @@
* [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
* NFSv4: Fix a problem whereby a buggy server can oops the kernel
(CVE-2009-3726)
+ * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
-- dann frazier <dannf at debian.org> Mon, 15 Feb 2010 18:32:14 -0700
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch Tue Feb 16 01:54:12 2010 (r15159)
@@ -0,0 +1,26 @@
+commit 8df9b558c809840bf68b90fe137c92727ff57ec4
+Author: dann frazier <dannf at hp.com>
+Date: Mon Feb 15 18:50:31 2010 -0700
+
+ [Adjusted to apply to Debian's 2.6.18]
+ commit 286e633ef0ff5bb63c07b4516665da8004966fec
+ Author: Roel Kluin <roel.kluin at gmail.com>
+ Date: Wed Nov 4 08:31:59 2009 -0800
+
+ isdn: hfc_usb: Fix read buffer overflow
+
+diff --git a/drivers/isdn/hisax/hfc_usb.c b/drivers/isdn/hisax/hfc_usb.c
+index b5e571a..ae7425c 100644
+--- a/drivers/isdn/hisax/hfc_usb.c
++++ b/drivers/isdn/hisax/hfc_usb.c
+@@ -873,8 +873,8 @@ collect_rx_frame(usb_fifo * fifo, __u8 * data, int len, int finish)
+ }
+ /* we have a complete hdlc packet */
+ if (finish) {
+- if ((!fifo->skbuff->data[fifo->skbuff->len - 1])
+- && (fifo->skbuff->len > 3)) {
++ if (fifo->skbuff->len > 3 &&
++ !fifo->skbuff->data[fifo->skbuff->len - 1]) {
+ /* remove CRC & status */
+ skb_trim(fifo->skbuff, fifo->skbuff->len - 3);
+ if (fifon == HFCUSB_PCM_RX) {
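Review bot: The embedded commit message carries only the subject "isdn: hfc_usb: Fix read buffer overflow" and never says why reordering the `if (finish)` condition in collect_rx_frame() is the fix. Add a sentence stating that `fifo->skbuff->len > 3` must be evaluated first so that `&&` short-circuits before `fifo->skbuff->data[fifo->skbuff->len - 1]` is read; with the old operand order that byte is read even when `len` is 0, which is outside the buffer. The `[Adjusted to apply to Debian's 2.6.18]` line would also help later backporters if it said what was adjusted relative to upstream commit 286e633ef0ff5bb63c07b4516665da8004966fec.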
Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch2 Tue Feb 16 01:52:17 2010 (r15158)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch2 Tue Feb 16 01:54:12 2010 (r15159)
@@ -1,2 +1,3 @@
+ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
+ bugfix/all/nfsv4-buggy-server-oops.patch
++ bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch