[kernel] r17908 - in dists/lenny-security/linux-2.6/debian/patches: bugfix/all series

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Aug 11 18:29:29 UTC 2011 

Author: jmm
Date: Thu Aug 11 18:29:28 2011
New Revision: 17908

Log:
CVE-2011-2492 for lenny

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2011-2492.patch
Modified:
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny4

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2011-2492.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/CVE-2011-2492.patch	Thu Aug 11 18:29:28 2011	(r17908)
@@ -0,0 +1,41 @@
+From: Filip Palian <s3810 at pjwstk.edu.pl>
+Date: Thu, 12 May 2011 17:32:46 +0000 (+0200)
+Subject: Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
+X-Git-Tag: v3.0-rc4~5^2~13^2~2^2~3
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=8d03e971cf403305217b8e62db3a2e5ad2d6263f
+
+Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
+
+Structures "l2cap_conninfo" and "rfcomm_conninfo" have one padding
+byte each. This byte in "cinfo" is copied to userspace uninitialized.
+
+Signed-off-by: Filip Palian <filip.palian at pjwstk.edu.pl>
+Acked-by: Marcel Holtmann <marcel at holtmann.org>
+Signed-off-by: Gustavo F. Padovan <padovan at profusion.mobi>
+[backported to 2.6.26 - jmm]
+---
+
+diff -aur linux-2.6-2.6.26.orig//net/bluetooth/l2cap.c linux-2.6-2.6.26/net/bluetooth/l2cap.c
+--- linux-2.6-2.6.26.orig//net/bluetooth/l2cap.c	2008-07-13 23:51:29.000000000 +0200
++++ linux-2.6-2.6.26/net/bluetooth/l2cap.c	2011-08-11 20:27:06.000000000 +0200
+@@ -1110,6 +1110,7 @@
+ 			break;
+ 		}
+ 
++		memset(&cinfo, 0, sizeof(cinfo));
+ 		cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
+ 		memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
+ 
+Nur in linux-2.6-2.6.26/net/bluetooth: l2cap.c~.
+diff -aur linux-2.6-2.6.26.orig//net/bluetooth/rfcomm/sock.c linux-2.6-2.6.26/net/bluetooth/rfcomm/sock.c
+--- linux-2.6-2.6.26.orig//net/bluetooth/rfcomm/sock.c	2008-07-13 23:51:29.000000000 +0200
++++ linux-2.6-2.6.26/net/bluetooth/rfcomm/sock.c	2011-08-11 20:27:53.000000000 +0200
+@@ -770,6 +770,7 @@
+ 
+ 		l2cap_sk = rfcomm_pi(sk)->dlc->session->sock->sk;
+ 
++		memset(&cinfo, 0, sizeof(cinfo));
+ 		cinfo.hci_handle = l2cap_pi(l2cap_sk)->conn->hcon->handle;
+ 		memcpy(cinfo.dev_class, l2cap_pi(l2cap_sk)->conn->hcon->dev_class, 3);
+ 
+Nur in linux-2.6-2.6.26/net/bluetooth/rfcomm: sock.c~.

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Thu Aug 11 18:15:23 2011	(r17907)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Thu Aug 11 18:29:28 2011	(r17908)
@@ -1,3 +1,8 @@
 + bugfix/all/tunnels-fix-netns-vs-proto-registration-ordering-regression-fix.patch
 + bugfix/all/alpha-fix-several-security-issues.patch
 + bugfix/all/fix-inet_diag_bc_audit.patch
++ bugfix/all/CVE-2011-2492.patch
+
+
+
+

More information about the Kernel-svn-changes mailing list