[kernel] r16581 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Nov 21 00:38:20 UTC 2010
Author: dannf
Date: Sun Nov 21 00:38:14 2010
New Revision: 16581
Log:
net: tipc: fix information leak to userland (CVE-2010-3877)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-tipc-fix-information-leak-to-userland.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Sun Nov 21 00:19:36 2010 (r16580)
+++ dists/lenny-security/linux-2.6/debian/changelog Sun Nov 21 00:38:14 2010 (r16581)
@@ -26,6 +26,7 @@
* net: ax25: fix information leak to userland (CVE-2010-3875)
* can-bcm: fix minor heap overflow (CVE-2010-3874)
* net: packet: fix information leak to userland (CVE-2010-3876)
+ * net: tipc: fix information leak to userland (CVE-2010-3877)
-- dann frazier <dannf at debian.org> Thu, 30 Sep 2010 21:42:24 -0600
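Review bot: the trailer line under the new CVE-2010-3877 entry still reads Thu, 30 Sep 2010, which is earlier than both this commit (Sun Nov 21 2010) and the upstream fix it records (Oct 31 2010). Refresh the timestamp when the upload is finalised so the changelog date does not predate the fixes it lists.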
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-tipc-fix-information-leak-to-userland.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-tipc-fix-information-leak-to-userland.patch Sun Nov 21 00:38:14 2010 (r16581)
@@ -0,0 +1,25 @@
+commit cff130bf33f85cc3ab24f6584feaa227048c0738
+Author: Kulikov Vasiliy <segooon at gmail.com>
+Date: Sun Oct 31 07:10:32 2010 +0000
+
+ net: tipc: fix information leak to userland
+
+ Structure sockaddr_tipc is copied to userland with padding bytes after
+ "id" field in union field "name" unitialized. It leads to leaking of
+ contents of kernel stack memory. We have to initialize them to zero.
+
+ Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c
+index 230f9ca..296e28a 100644
+--- a/net/tipc/socket.c
++++ b/net/tipc/socket.c
+@@ -390,6 +390,7 @@ static int get_name(struct socket *sock, struct sockaddr *uaddr,
+ u32 portref = tipc_sk_port(sock->sk)->ref;
+ u32 res;
+
++ memset(addr, 0, sizeof(*addr));
+ if (peer) {
+ res = tipc_peer(portref, &addr->addr.id);
+ if (res)
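Review bot: only get_name() is covered by the added memset(addr, 0, sizeof(*addr)), so it is worth checking the lenny tree for any other path in net/tipc/socket.c that fills a sockaddr_tipc for userland and giving it the same zeroing. The placement itself is right: it sits before `if (peer)`, so both branches and the early return on `res` see a fully zeroed structure, padding included. The patch header carries the upstream commit id but not CVE-2010-3877; adding the CVE to the description would let the patch file be matched to the changelog entry on its own. The hunk offsets (@@ -390,6 +390,7 @@) are upstream's, so confirm it applies to the lenny source without fuzz.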
Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Sun Nov 21 00:19:36 2010 (r16580)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Sun Nov 21 00:38:14 2010 (r16581)
@@ -21,3 +21,4 @@
+ bugfix/all/net-limit-socket-io-iovec-total-length-to-INT_MAX.patch
+ bugfix/all/net-ax25-fix-information-leak-to-userland.patch
+ bugfix/all/can-bcm-fix-minor-heap-overflow.patch
++ bugfix/all/net-tipc-fix-information-leak-to-userland.patch
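Review bot: the changelog context lists "net: packet: fix information leak to userland (CVE-2010-3876)" immediately before the new tipc entry, but the visible tail of 25lenny2 goes from can-bcm-fix-minor-heap-overflow.patch straight to the tipc patch with no packet patch in between. Confirm the CVE-2010-3876 patch is applied earlier in this series file or in another one, otherwise the changelog claims a fix that is not in the build.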