[kernel] r16564 - in dists/sid/linux-2.6/debian: . patches/debian patches/series

Ben Hutchings benh at alioth.debian.org
Fri Nov 19 03:53:54 UTC 2010


Author: benh
Date: Fri Nov 19 03:53:50 2010
New Revision: 16564

Log:
x25: Disable auto-loading as mitigation against local exploits

Added:
   dists/sid/linux-2.6/debian/patches/debian/x25-Disable-auto-loading-as-mitigation-against-local.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/28

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Fri Nov 19 02:50:57 2010	(r16563)
+++ dists/sid/linux-2.6/debian/changelog	Fri Nov 19 03:53:50 2010	(r16564)
@@ -46,8 +46,8 @@
     - Prevent crashing when parsing bad X.25 facilities (CVE-2010-4164)
   * tcp: Increase TCP_MAXSEG socket option minimum (CVE-2010-4165)
   * rds: Fix integer overflow in RDS cmsg handling
-  * af_802154,econet,rds: Disable auto-loading as mitigation against local
-    exploits.  These protocol modules are not widely used and can be
+  * af_802154,econet,rds,x25: Disable auto-loading as mitigation against
+    local exploits.  These protocol modules are not widely used and can be
     explicitly loaded or aliased on systems where they are wanted.
 
   [ dann frazier ]
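Review bot: The reworded entry "af_802154,econet,rds,x25: Disable auto-loading as mitigation against local exploits" tells administrators that the modules "can be explicitly loaded or aliased" but does not say how. Consider naming the mechanism (for example, a modprobe configuration alias for the protocol family) or pointing to where it is documented, so that users who depend on X.25 know what to add after upgrading.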

Added: dists/sid/linux-2.6/debian/patches/debian/x25-Disable-auto-loading-as-mitigation-against-local.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/debian/x25-Disable-auto-loading-as-mitigation-against-local.patch	Fri Nov 19 03:53:50 2010	(r16564)
@@ -0,0 +1,34 @@
+From bdfd2f58fdec502ca5f557079f3c81bfd69f801c Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Fri, 19 Nov 2010 03:45:49 +0000
+Subject: [PATCH] x25: Disable auto-loading as mitigation against local exploits
+
+Recent review has revealed several bugs in obscure protocol
+implementations that can be exploited by local users for denial of
+service or privilege escalation.  We can mitigate the effect of any
+remaining vulnerabilities in such protocols by preventing unprivileged
+users from loading the modules, so that they are only exploitable on
+systems where the administrator has chosen to load the protocol.
+
+The 'x25' protocol has been in 'alpha' state for 10 years, and there
+appear to be no published applications for Linux that use it.
+Therefore disable auto-loading.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ net/x25/af_x25.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
+index d006816..e0da374 100644
+--- a/net/x25/af_x25.c
++++ b/net/x25/af_x25.c
+@@ -1743,4 +1743,4 @@ module_exit(x25_exit);
+ MODULE_AUTHOR("Jonathan Naylor <g4klx at g4klx.demon.co.uk>");
+ MODULE_DESCRIPTION("The X.25 Packet Layer network layer protocol");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_X25);
++/* MODULE_ALIAS_NETPROTO(PF_X25); */
+-- 
+1.7.2.3
+
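Review bot: The replacement line `/* MODULE_ALIAS_NETPROTO(PF_X25); */` in net/x25/af_x25.c leaves the alias commented out with no reason given in the source, so a later reader of the file cannot tell a deliberate mitigation from leftover debugging. Either delete the line outright, or add a short comment beside it saying that auto-loading is disabled on purpose and that the module has to be loaded explicitly or aliased by the administrator. The description could also say outright that systems where x25 is already loaded or aliased stay exposed, which the text currently only implies with "only exploitable on systems where the administrator has chosen to load the protocol".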

Modified: dists/sid/linux-2.6/debian/patches/series/28
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/28	Fri Nov 19 02:50:57 2010	(r16563)
+++ dists/sid/linux-2.6/debian/patches/series/28	Fri Nov 19 03:53:50 2010	(r16564)
@@ -43,3 +43,4 @@
 + debian/rds-Disable-auto-loading-as-mitigation-against-local.patch
 + debian/af_802154-Disable-auto-loading-as-mitigation-against.patch
 + debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch
++ debian/x25-Disable-auto-loading-as-mitigation-against-local.patch


