[kernel] r17185 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Apr 3 20:29:41 UTC 2011
Author: dannf
Date: Sun Apr 3 20:29:30 2011
New Revision: 17185
Log:
net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified:
dists/lenny-security/linux-2.6/debian/changelog
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Sun Apr 3 04:14:00 2011 (r17184)
+++ dists/lenny-security/linux-2.6/debian/changelog Sun Apr 3 20:29:30 2011 (r17185)
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.26-26lenny3) UNRELEASED; urgency=low
+
+ * net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
+
+ -- dann frazier <dannf at debian.org> Wed, 30 Mar 2011 22:46:26 -0600
+
linux-2.6 (2.6.26-26lenny2) stable-security; urgency=high
[ dann frazier ]
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch Sun Apr 3 20:29:30 2011 (r17185)
@@ -0,0 +1,30 @@
+commit b00916b189d13a615ff05c9242201135992fcda3
+Author: Kees Cook <kees.cook at canonical.com>
+Date: Mon Oct 11 12:23:25 2010 -0700
+
+ net: clear heap allocations for privileged ethtool actions
+
+ Several other ethtool functions leave heap uncleared (potentially) by
+ drivers. Some interfaces appear safe (eeprom, etc), in that the sizes
+ are well controlled. In some situations (e.g. unchecked error conditions),
+ the heap will remain unchanged in areas before copying back to userspace.
+ Note that these are less of an issue since these all require CAP_NET_ADMIN.
+
+ Cc: stable at kernel.org
+ Signed-off-by: Kees Cook <kees.cook at canonical.com>
+ Acked-by: Ben Hutchings <bhutchings at solarflare.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+ [dannf: backported to Debian's 2.6.26]
+
+diff -urpN linux-source-2.6.26.orig/net/core/ethtool.c linux-source-2.6.26/net/core/ethtool.c
+--- linux-source-2.6.26.orig/net/core/ethtool.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/core/ethtool.c 2011-03-30 22:30:58.796187153 -0600
+@@ -226,7 +226,7 @@ static int ethtool_get_regs(struct net_d
+ if (regs.len > reglen)
+ regs.len = reglen;
+
+- regbuf = kmalloc(reglen, GFP_USER);
++ regbuf = kzalloc(reglen, GFP_USER);
+ if (!regbuf)
+ return -ENOMEM;
+
Added: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Sun Apr 3 20:29:30 2011 (r17185)
@@ -0,0 +1 @@
++ bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch
More information about the Kernel-svn-changes
mailing list