[kernel] r15159 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Feb 16 01:54:14 UTC 2010


Author: dannf
Date: Tue Feb 16 01:54:12 2010
New Revision: 15159

Log:
isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/26etch2

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	Tue Feb 16 01:52:17 2010	(r15158)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Feb 16 01:54:12 2010	(r15159)
@@ -3,6 +3,7 @@
   * [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
   * NFSv4: Fix a problem whereby a buggy server can oops the kernel
     (CVE-2009-3726)
+  * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
 
  -- dann frazier <dannf at debian.org>  Mon, 15 Feb 2010 18:32:14 -0700
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch	Tue Feb 16 01:54:12 2010	(r15159)
@@ -0,0 +1,26 @@
+commit 8df9b558c809840bf68b90fe137c92727ff57ec4
+Author: dann frazier <dannf at hp.com>
+Date:   Mon Feb 15 18:50:31 2010 -0700
+
+    [Adjusted to apply to Debian's 2.6.18]
+    commit 286e633ef0ff5bb63c07b4516665da8004966fec
+    Author: Roel Kluin <roel.kluin at gmail.com>
+    Date:   Wed Nov 4 08:31:59 2009 -0800
+    
+        isdn: hfc_usb: Fix read buffer overflow
+
+diff --git a/drivers/isdn/hisax/hfc_usb.c b/drivers/isdn/hisax/hfc_usb.c
+index b5e571a..ae7425c 100644
+--- a/drivers/isdn/hisax/hfc_usb.c
++++ b/drivers/isdn/hisax/hfc_usb.c
+@@ -873,8 +873,8 @@ collect_rx_frame(usb_fifo * fifo, __u8 * data, int len, int finish)
+ 	}
+ 	/* we have a complete hdlc packet */
+ 	if (finish) {
+-		if ((!fifo->skbuff->data[fifo->skbuff->len - 1])
+-		    && (fifo->skbuff->len > 3)) {
++		if (fifo->skbuff->len > 3 &&
++				!fifo->skbuff->data[fifo->skbuff->len - 1]) {
+ 			/* remove CRC & status */
+ 			skb_trim(fifo->skbuff, fifo->skbuff->len - 3);
+ 			if (fifon == HFCUSB_PCM_RX) {
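Review bot: The header of the added .patch file says nothing beyond the subject "isdn: hfc_usb: Fix read buffer overflow", and CVE-2009-4005 is named only in debian/changelog, so the patch file on its own cannot be matched to the advisory or understood without reading the code. Add a sentence to the header stating that in collect_rx_frame() the old condition read fifo->skbuff->data[fifo->skbuff->len - 1] before testing fifo->skbuff->len > 3, so a finished frame with len 0 was indexed outside the buffer, and name the CVE there as well. The reordered condition itself is correct: && short-circuits, so the last byte is now read only when len is at least 4, which also keeps the following skb_trim(fifo->skbuff, fifo->skbuff->len - 3) from being reached with a shorter frame.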

Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch2	Tue Feb 16 01:52:17 2010	(r15158)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch2	Tue Feb 16 01:54:12 2010	(r15159)
@@ -1,2 +1,3 @@
 + bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
 + bugfix/all/nfsv4-buggy-server-oops.patch
++ bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch


