[kernel] r16481 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Oct 25 02:20:37 UTC 2010
Author: dannf
Date: Mon Oct 25 02:20:32 2010
New Revision: 16481
Log:
eql: prevent reading uninitialized stack memory (CVE-2010-3297)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-eql-prevent-reading-uninitialized-stack-memory.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Oct 25 02:19:53 2010 (r16480)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Oct 25 02:20:32 2010 (r16481)
@@ -3,6 +3,7 @@
* net sched: fix kernel leak in act_police (CVE-2010-3477)
* aio: check for multiplication overflow in do_io_submit (CVE-2010-3067)
* cxgb3: prevent reading uninitialized stack memory (CVE-2010-3296)
+ * eql: prevent reading uninitialized stack memory (CVE-2010-3297)
-- dann frazier <dannf at debian.org> Thu, 30 Sep 2010 21:42:24 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-eql-prevent-reading-uninitialized-stack-memory.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-eql-prevent-reading-uninitialized-stack-memory.patch Mon Oct 25 02:20:32 2010 (r16481)
@@ -0,0 +1,30 @@
+commit fbbc65f0bc5c6efae9da937b615159b90e47d169
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date: Wed Sep 15 11:43:04 2010 +0000
+
+ drivers/net/eql.c: prevent reading uninitialized stack memory
+
+ Fixed formatting (tabs and line breaks).
+
+ The EQL_GETMASTRCFG device ioctl allows unprivileged users to read 16
+ bytes of uninitialized stack memory, because the "master_name" member of
+ the master_config_t struct declared on the stack in eql_g_master_cfg()
+ is not altered or zeroed before being copied back to the user. This
+ patch takes care of it.
+
+ Signed-off-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/drivers/net/eql.c b/drivers/net/eql.c
+index 18f1364..a7ae37c 100644
+--- a/drivers/net/eql.c
++++ b/drivers/net/eql.c
+@@ -546,6 +546,8 @@ static int eql_g_master_cfg(struct net_device *dev, master_config_t __user *mcp)
+ equalizer_t *eql;
+ master_config_t mc;
+
++ memset(&mc, 0, sizeof(master_config_t));
++
+ if (eql_is_master(dev)) {
+ eql = netdev_priv(dev);
+ mc.max_slaves = eql->max_slaves;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Mon Oct 25 02:19:53 2010 (r16480)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny2 Mon Oct 25 02:20:32 2010 (r16481)
@@ -1,3 +1,4 @@
+ bugfix/all/net-sched-fix-kernel-leak-in-act_police.patch
+ bugfix/all/aio-check-for-multiplication-overflow-in-do_io_submit.patch
+ bugfix/all/cxgb3-prevent-reading-uninitialized-stack-memory.patch
++ bugfix/all/net-eql-prevent-reading-uninitialized-stack-memory.patch
More information about the Kernel-svn-changes
mailing list