[kernel] r17192 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Apr 4 01:20:22 UTC 2011
Author: dannf
Date: Mon Apr 4 01:20:18 2011
New Revision: 17192
Log:
Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch
- copied unchanged from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 01:04:35 2011 (r17191)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 01:20:18 2011 (r17192)
@@ -6,6 +6,7 @@
* [s390] remove task_show_regs (CVE-2011-0710)
* fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
* ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)
+ * Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
-- dann frazier <dannf at debian.org> Wed, 30 Mar 2011 22:46:26 -0600
Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch (from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch Mon Apr 4 01:20:18 2011 (r17192, copy of r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch)
@@ -0,0 +1,25 @@
+commit c4c896e1471aec3b004a693c689f60be3b17ac86
+Author: Vasiliy Kulikov <segoon at openwall.com>
+Date: Mon Feb 14 13:54:26 2011 +0300
+
+ Bluetooth: sco: fix information leak to userspace
+
+ struct sco_conninfo has one padding byte in the end. Local variable
+ cinfo of type sco_conninfo is copied to userspace with this uninizialized
+ one byte, leading to old stack contents leak.
+
+ Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
+ Signed-off-by: Gustavo F. Padovan <padovan at profusion.mobi>
+
+diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
+index 960c6d1..926ed39 100644
+--- a/net/bluetooth/sco.c
++++ b/net/bluetooth/sco.c
+@@ -703,6 +703,7 @@ static int sco_sock_getsockopt_old(struct socket *sock, int optname, char __user
+ break;
+ }
+
++ memset(&cinfo, 0, sizeof(cinfo));
+ cinfo.hci_handle = sco_pi(sk)->conn->hcon->handle;
+ memcpy(cinfo.dev_class, sco_pi(sk)->conn->hcon->dev_class, 3);
+
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 01:04:35 2011 (r17191)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 01:20:18 2011 (r17192)
@@ -4,3 +4,4 @@
+ bugfix/s390/remove-task_show_regs.patch
+ bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-tables.patch
+ bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch
++ bugfix/all/bluetooth-sco-fix-information-leak-to-userspace.patch
More information about the Kernel-svn-changes
mailing list