[kernel] r17911 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Aug 11 18:51:42 UTC 2011
Author: jmm
Date: Thu Aug 11 18:51:41 2011
New Revision: 17911
Log:
CVE-2011-2700 for Squeeze
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/si4713-i2c-avoid-potential-buffer-overflow-on-si4713.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Thu Aug 11 18:42:32 2011 (r17910)
+++ dists/squeeze-security/linux-2.6/debian/changelog Thu Aug 11 18:51:41 2011 (r17911)
@@ -1,11 +1,15 @@
linux-2.6 (2.6.32-35squeeze1) UNRELEASED; urgency=high
+ [ dann frazier ]
* Fix regression in fix for CVE-2011-1768 (Closes: #633738)
* net: Fix memory leak/corruption on VLAN GRO_DROP (CVE-2011-1576)
* taskstats: don't allow duplicate entries in listener mode (CVE-2011-2484)
* NLM: Don't hang forever on NLM unlock requests (CVE-2011-2491)
* Bluetooth: l2cap/rfcomm: fix 1 byte infoleak to userspace (CVE-2011-2492)
+ [ Moritz Muehlenhoff ]
+ * si4713-i2c: avoid potential buffer overflow on si4713 (CVE-2011-2700)
+
-- dann frazier <dannf at debian.org> Thu, 21 Jul 2011 00:31:53 -0600
linux-2.6 (2.6.32-35) stable; urgency=high
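Review bot: The trailer under the new `[ Moritz Muehlenhoff ]` section still reads `-- dann frazier <dannf at debian.org> Thu, 21 Jul 2011 00:31:53 -0600`, which predates this 11 Aug 2011 revision. While the entry is marked UNRELEASED that is harmless, but the trailer should be refreshed when the upload is prepared. The new bullet could also say what was actually fixed (a missing lower bound on the control string length) rather than repeating the driver name from the upstream subject.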
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/si4713-i2c-avoid-potential-buffer-overflow-on-si4713.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/si4713-i2c-avoid-potential-buffer-overflow-on-si4713.patch Thu Aug 11 18:51:41 2011 (r17911)
@@ -0,0 +1,43 @@
+From: Mauro Carvalho Chehab <mchehab at redhat.com>
+Date: Sun, 17 Jul 2011 03:24:37 +0000 (-0300)
+Subject: si4713-i2c: avoid potential buffer overflow on si4713
+X-Git-Tag: v3.0~16
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=dc6b845044ccb7e9e6f3b7e71bd179b3cf0223b6
+
+si4713-i2c: avoid potential buffer overflow on si4713
+
+While compiling it with Fedora 15, I noticed this issue:
+
+ inlined from âsi4713_write_econtrol_stringâ at drivers/media/radio/si4713-i2c.c:1065:24:
+ arch/x86/include/asm/uaccess_32.h:211:26: error: call to âcopy_from_user_overflowâ declared with attribute error: copy_from_user() buffer size is not provably correct
+
+Cc: stable at kernel.org
+Signed-off-by: Mauro Carvalho Chehab <mchehab at redhat.com>
+Acked-by: Sakari Ailus <sakari.ailus at maxwell.research.nokia.com>
+Acked-by: Eduardo Valentin <edubezval at gmail.com>
+Reviewed-by: Eugene Teo <eugeneteo at kernel.sg>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+
+diff --git a/drivers/media/radio/si4713-i2c.c b/drivers/media/radio/si4713-i2c.c
+index deca2e0..c9f4a8e 100644
+--- a/drivers/media/radio/si4713-i2c.c
++++ b/drivers/media/radio/si4713-i2c.c
+@@ -1033,7 +1033,7 @@ static int si4713_write_econtrol_string(struct si4713_device *sdev,
+ char ps_name[MAX_RDS_PS_NAME + 1];
+
+ len = control->size - 1;
+- if (len > MAX_RDS_PS_NAME) {
++ if (len < 0 || len > MAX_RDS_PS_NAME) {
+ rval = -ERANGE;
+ goto exit;
+ }
+@@ -1057,7 +1057,7 @@ static int si4713_write_econtrol_string(struct si4713_device *sdev,
+ char radio_text[MAX_RDS_RADIO_TEXT + 1];
+
+ len = control->size - 1;
+- if (len > MAX_RDS_RADIO_TEXT) {
++ if (len < 0 || len > MAX_RDS_RADIO_TEXT) {
+ rval = -ERANGE;
+ goto exit;
+ }
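Review bot: In both branches of si4713_write_econtrol_string(), the new `len < 0` test runs only after `len = control->size - 1` has been computed, and it works only if `len` is a signed type, whose declaration is outside the visible context. Validating the size before the subtraction, for example `if (control->size < 1 || control->size > MAX_RDS_PS_NAME + 1)`, and the equivalent with `MAX_RDS_RADIO_TEXT`, would make the bound independent of how `len` is declared and would map directly onto the `ps_name[MAX_RDS_PS_NAME + 1]` and `radio_text[MAX_RDS_RADIO_TEXT + 1]` buffers. The patch description quotes only the compiler diagnostic; one sentence stating that a `control->size` of 0 can leave `len` negative and so pass the old upper-bound-only check would tell backporters why the extra condition matters.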
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1 Thu Aug 11 18:42:32 2011 (r17910)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1 Thu Aug 11 18:51:41 2011 (r17911)
@@ -4,3 +4,4 @@
+ bugfix/all/nlm-dont-hang-forever-on-nlm-unlock-requests.patch
+ debian/nlm-Avoid-ABI-change-from-dont-hang-forever-on-nlm-unlock-requests.patch
+ bugfix/all/bluetooth-l2cap-and-rfcomm-fix-1-byte-infoleak-to-userspace.patch
++ bugfix/all/si4713-i2c-avoid-potential-buffer-overflow-on-si4713.patch