[kernel] r17986 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Aug 22 06:09:29 UTC 2011 

Author: dannf
Date: Mon Aug 22 06:09:27 2011
New Revision: 17986

Log:
net_sched: Fix qdisc_notify() (CVE-2011-2525)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net_sched-Fix-qdisc_notify.patch
      - copied, changed from r17980, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net_sched-Fix-qdisc_notify.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny4

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Aug 22 02:49:30 2011	(r17985)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Aug 22 06:09:27 2011	(r17986)
@@ -7,6 +7,7 @@
   * proc: restrict access to /proc/PID/io (CVE-2011-2495)
   * vm: fix vm_pgoff wrap in up/down stack expansions (CVE-2011-2496)
   * Bluetooth: Prevent buffer overflow in l2cap config request (CVE-2011-2497)
+  * net_sched: Fix qdisc_notify() (CVE-2011-2525)
 
   [ Moritz Muehlenhoff ]
   * ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)

Copied and modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net_sched-Fix-qdisc_notify.patch (from r17980, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net_sched-Fix-qdisc_notify.patch)
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net_sched-Fix-qdisc_notify.patch	Sun Aug 21 15:20:47 2011	(r17980, copy source)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net_sched-Fix-qdisc_notify.patch	Mon Aug 22 06:09:27 2011	(r17986)
@@ -18,13 +18,13 @@
     Reported-by: Ben Pfaff <blp at nicira.com>
     Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
     Signed-off-by: David S. Miller <davem at davemloft.net>
-    [dannf: backported to Debian's 2.6.32]
+    [dannf: backported to Debian's 2.6.26]
 
 diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
-index 903e418..7c8c4b1 100644
+index 2761cf4..93cbd8e 100644
 --- a/net/sched/sch_api.c
 +++ b/net/sched/sch_api.c
-@@ -1195,6 +1195,11 @@ nla_put_failure:
+@@ -867,6 +867,11 @@ nla_put_failure:
  	return -1;
  }
  
@@ -36,7 +36,7 @@
  static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n,
  			u32 clid, struct Qdisc *old, struct Qdisc *new)
  {
-@@ -1205,11 +1210,11 @@ static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n,
+@@ -877,11 +882,11 @@ static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n,
  	if (!skb)
  		return -ENOBUFS;
  
@@ -50,15 +50,3 @@
  		if (tc_fill_qdisc(skb, new, clid, pid, n->nlmsg_seq, old ? NLM_F_REPLACE : 0, RTM_NEWQDISC) < 0)
  			goto err_out;
  	}
-@@ -1222,11 +1227,6 @@ err_out:
- 	return -EINVAL;
- }
- 
--static bool tc_qdisc_dump_ignore(struct Qdisc *q)
--{
--	return (q->flags & TCQ_F_BUILTIN) ? true : false;
--}
--
- static int tc_dump_qdisc_root(struct Qdisc *root, struct sk_buff *skb,
- 			      struct netlink_callback *cb,
- 			      int *q_idx_p, int s_q_idx)

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny4
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Mon Aug 22 02:49:30 2011	(r17985)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny4	Mon Aug 22 06:09:27 2011	(r17986)
@@ -11,3 +11,4 @@
 + bugfix/all/vm-fix-vm_pgoff-wrap-in-stack-expansion.patch
 + bugfix/all/vm-fix-vm_pgoff-wrap-in-upward-expansion.patch
 + bugfix/all/bluetooth-prevent-buffer-overflow-in-l2cap-config-request.patch
++ bugfix/all/net_sched-Fix-qdisc_notify.patch

More information about the Kernel-svn-changes mailing list