[kernel] r17198 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Apr 4 02:31:19 UTC 2011
Author: dannf
Date: Mon Apr 4 02:31:16 2011
New Revision: 17198
Log:
netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch
- copied, changed from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 02:12:42 2011 (r17197)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Apr 4 02:31:16 2011 (r17198)
@@ -13,6 +13,7 @@
(CVE-2011-1090)
* dccp: fix oops on Reset after close (CVE-2011-1093)
* Fix corrupted OSF partition table parsing (CVE-2011-1163)
+ * netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
-- dann frazier <dannf at debian.org> Wed, 30 Mar 2011 22:46:26 -0600
Copied and modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch (from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch)
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch Sun Apr 3 22:42:47 2011 (r17187, copy source)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch Mon Apr 4 02:31:16 2011 (r17198)
@@ -18,12 +18,13 @@
Signed-off-by: Vasiliy Kulikov <segoon at openwall.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
+ [dannf: backported to Debian's 2.6.26]
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index e95054c..4b5d457 100644
+index 03e83a6..3c8d072 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -1066,6 +1066,7 @@ static int do_replace(struct net *net, const void __user *user,
+@@ -1033,6 +1033,7 @@ static int do_replace(struct net *net, void __user *user, unsigned int len)
/* overflow check */
if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
return -ENOMEM;
@@ -31,7 +32,7 @@
newinfo = xt_alloc_table_info(tmp.size);
if (!newinfo)
-@@ -1488,6 +1489,7 @@ static int compat_do_replace(struct net *net, void __user *user,
+@@ -1453,6 +1454,7 @@ static int compat_do_replace(struct net *net, void __user *user,
return -ENOMEM;
if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
return -ENOMEM;
@@ -39,11 +40,11 @@
newinfo = xt_alloc_table_info(tmp.size);
if (!newinfo)
-@@ -1740,6 +1742,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
+@@ -1708,6 +1710,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
ret = -EFAULT;
break;
}
+ rev.name[sizeof(rev.name)-1] = 0;
- try_then_request_module(xt_find_revision(NFPROTO_ARP, rev.name,
+ try_then_request_module(xt_find_revision(NF_ARP, rev.name,
rev.revision, 1, &ret),
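Review bot: The added `rev.name[sizeof(rev.name)-1] = 0;` in do_arpt_get_ctl has no comment explaining why it is needed, so a later cleanup could remove it as redundant. `rev` is filled from userspace just above (the `-EFAULT` branch is visible), and the name is then handed to `xt_find_revision` and, through `try_then_request_module`, presumably into a module-name string, so an unterminated name would be read past the end of the buffer. I would add `/* rev.name is copied from userspace and may lack a NUL; terminate it before it is used as a string */` above the line. The matching terminations in do_replace and compat_do_replace fall between the hunks of this patch-of-a-patch and are not visible here, so it is worth confirming in the applied file that both survived the 2.6.26 rebase. The body of do_arpt_get_ctl starts and ends outside the hunk.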
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 02:12:42 2011 (r17197)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Mon Apr 4 02:31:16 2011 (r17198)
@@ -12,3 +12,4 @@
+ bugfix/all/dccp-fix-oops-on-Reset-after-close.patch
+ bugfix/all/fix-corrupted-osf-partition-parsing.patch
+ bugfix/all/increase-osf-partition-limit-from-8-to-18.patch
++ bugfix/all/netfilter-arp_tables-fix-infoleak-to-userspace.patch