[kernel] r16290 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Sep 16 05:19:44 UTC 2010
Author: dannf
Date: Thu Sep 16 05:19:42 2010
New Revision: 16290
Log:
xfs: prevent reading uninitialized stack memory (CVE-2010-3078)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/25lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Thu Sep 16 04:41:24 2010 (r16289)
+++ dists/lenny-security/linux-2.6/debian/changelog Thu Sep 16 05:19:42 2010 (r16290)
@@ -6,6 +6,7 @@
(CVE-2010-3081)
* ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
(CVE-2010-3080)
+ * xfs: prevent reading uninitialized stack memory (CVE-2010-3078)
-- dann frazier <dannf at debian.org> Thu, 09 Sep 2010 19:11:27 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch Thu Sep 16 05:19:42 2010 (r16290)
@@ -0,0 +1,29 @@
+commit 3df0537450fc7726a21c2c85f9fe8cb2d47d0fb6
+Author: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+Date: Mon Sep 6 18:24:57 2010 -0400
+
+ xfs: prevent reading uninitialized stack memory
+
+ The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12
+ bytes of uninitialized stack memory, because the fsxattr struct
+ declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero)
+ the 12-byte fsx_pad member before copying it back to the user. This
+ patch takes care of it.
+
+ Signed-off-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+ Reviewed-by: Eric Sandeen <sandeen at redhat.com>
+ Signed-off-by: Alex Elder <aelder at sgi.com>
+
+diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
+index a42ba9d..de2e754 100644
+--- a/fs/xfs/linux-2.6/xfs_ioctl.c
++++ b/fs/xfs/linux-2.6/xfs_ioctl.c
+@@ -847,6 +847,8 @@ xfs_ioc_fsgetxattr(
+ {
+ struct fsxattr fa;
+
++ memset(&fa, 0, sizeof(struct fsxattr));
++
+ xfs_ilock(ip, XFS_ILOCK_SHARED);
+ fa.fsx_xflags = xfs_ip2xflags(ip);
+ fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;
Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny1 Thu Sep 16 04:41:24 2010 (r16289)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny1 Thu Sep 16 05:19:42 2010 (r16290)
@@ -1,3 +1,4 @@
+ bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
+ bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch
+ bugfix/all/alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch
++ bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch
More information about the Kernel-svn-changes
mailing list