[kernel] r16584 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Nov 21 01:19:20 UTC 2010
Author: dannf
Date: Sun Nov 21 01:19:17 2010
New Revision: 16584
Log:
ipc: shm: fix information leak to userland (CVE-2010-4072)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ipc-shm-fix-information-leak-to-userland.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Sun Nov 21 01:16:19 2010 (r16583)
+++ dists/lenny-security/linux-2.6/debian/changelog Sun Nov 21 01:19:17 2010 (r16584)
@@ -29,6 +29,7 @@
* net: tipc: fix information leak to userland (CVE-2010-3877)
* inet_diag: Make sure we actually run the same bytecode we audited
(CVE-2010-3880)
+ * ipc: shm: fix information leak to userland (CVE-2010-4072)
-- dann frazier <dannf at debian.org> Thu, 30 Sep 2010 21:42:24 -0600
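Review bot: the stanza trailer that closes this hunk still reads "Thu, 30 Sep 2010 21:42:24 -0600", while the new CVE-2010-4072 entry is committed on 21 Nov 2010. Refresh the trailer timestamp before upload so that the changelog date is not earlier than the changes listed under it. The entry text itself follows the same "subsystem: summary (CVE-id)" form as the neighbouring lines.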
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ipc-shm-fix-information-leak-to-userland.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ipc-shm-fix-information-leak-to-userland.patch Sun Nov 21 01:19:17 2010 (r16584)
@@ -0,0 +1,27 @@
+commit 5204c15eac79d9cfbbcb2cfff36f1d631f7bfef6
+Author: Vasiliy Kulikov <segooon at gmail.com>
+Date: Sat Oct 30 18:22:49 2010 +0400
+
+ ipc: shm: fix information leak to userland
+
+ The shmid_ds structure is copied to userland with shm_unused{,2,3}
+ fields unitialized. It leads to leaking of contents of kernel stack
+ memory.
+
+ Signed-off-by: Vasiliy Kulikov <segooon at gmail.com>
+ Acked-by: Al Viro <viro at ZenIV.linux.org.uk>
+ Cc: stable at kernel.org
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/ipc/shm.c b/ipc/shm.c
+index 38b4711..584b344 100644
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -483,6 +483,7 @@ static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_
+ {
+ struct shmid_ds out;
+
++ memset(&out, 0, sizeof(out));
+ ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
+ out.shm_segsz = in->shm_segsz;
+ out.shm_atime = in->shm_atime;
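Review bot: the embedded commit message names only the shm_unused{,2,3} fields, but the added memset(&out, 0, sizeof(out)) in copy_shmid_to_user also clears any compiler padding in the on-stack struct shmid_ds. That behaviour deserves a one-line comment above the memset so that a later cleanup does not swap it for per-field assignments and reopen the leak. Separately, the inner hunk header carries the upstream offsets (-483,6 +483,7) and upstream index hashes, so confirm that it applies to the lenny-security tree without fuzz, since only three lines of context follow the insertion.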
Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Sun Nov 21 01:16:19 2010 (r16583)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Sun Nov 21 01:19:17 2010 (r16584)
@@ -23,3 +23,4 @@
+ bugfix/all/can-bcm-fix-minor-heap-overflow.patch
+ bugfix/all/net-tipc-fix-information-leak-to-userland.patch
+ bugfix/all/inet_diag-make-sure-we-actually-run-the-same-bytecode-we-audited.patch
++ bugfix/all/ipc-shm-fix-information-leak-to-userland.patch