[kernel] r16544 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Nov 11 02:01:09 UTC 2010
Author: dannf
Date: Thu Nov 11 02:00:35 2010
New Revision: 16544
Log:
V4L/DVB: ivtvfb: prevent reading uninitialized stack memory (CVE-2010-4079)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ivtvfb-prevent-reading-uninitialized-stack-memory.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Wed Nov 10 17:09:14 2010 (r16543)
+++ dists/lenny-security/linux-2.6/debian/changelog Thu Nov 11 02:00:35 2010 (r16544)
@@ -15,6 +15,7 @@
* sys_semctl: fix kernel stack leakage (CVE-2010-4083)
* ALSA: rme9652: prevent reading uninitialized stack memory
(CVE-2010-4080, CVE-2010-4081)
+ * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory (CVE-2010-4079)
-- dann frazier <dannf at debian.org> Thu, 30 Sep 2010 21:42:24 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ivtvfb-prevent-reading-uninitialized-stack-memory.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ivtvfb-prevent-reading-uninitialized-stack-memory.patch Thu Nov 11 02:00:35 2010 (r16544)
@@ -0,0 +1,28 @@
+commit 66635f73f2223eceebc61c88135b5817b97b4235
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date: Wed Sep 15 18:44:22 2010 -0300
+
+ V4L/DVB: ivtvfb: prevent reading uninitialized stack memory
+
+ The FBIOGET_VBLANK device ioctl allows unprivileged users to read 16
+ bytes of uninitialized stack memory, because the "reserved" member of
+ the fb_vblank struct declared on the stack is not altered or zeroed
+ before being copied back to the user. This patch takes care of it.
+
+ Signed-off-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+ Signed-off-by: Andy Walls <awalls at md.metrocast.net>
+ Signed-off-by: Mauro Carvalho Chehab <mchehab at redhat.com>
+
+diff --git a/drivers/media/video/ivtv/ivtvfb.c b/drivers/media/video/ivtv/ivtvfb.c
+index 73be154..96ed111 100644
+--- a/drivers/media/video/ivtv/ivtvfb.c
++++ b/drivers/media/video/ivtv/ivtvfb.c
+@@ -378,6 +378,8 @@ static int ivtvfb_ioctl(struct fb_info *info, unsigned int cmd, unsigned long ar
+ struct fb_vblank vblank;
+ u32 trace;
+
++ memset(&vblank, 0, sizeof(struct fb_vblank));
++
+ vblank.flags = FB_VBLANK_HAVE_COUNT |FB_VBLANK_HAVE_VCOUNT |
+ FB_VBLANK_HAVE_VSYNC;
+ trace = read_reg(0x028c0) >> 16;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Wed Nov 10 17:09:14 2010 (r16543)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Thu Nov 11 02:00:35 2010 (r16544)
@@ -13,3 +13,4 @@
+ bugfix/all/x25-fix-memory-corruption-in-facilities-parsing.patch
+ bugfix/all/sys_semctl-fix-kernel-stack-leakage.patch
+ bugfix/all/rme9652-prevent-reading-uninitialized-stack-memory.patch
++ bugfix/all/ivtvfb-prevent-reading-uninitialized-stack-memory.patch
More information about the Kernel-svn-changes
mailing list