[kernel] r16828 - in dists/lenny-security/linux-2.6/debian: . patches/debian patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Jan 17 19:42:01 UTC 2011
Author: dannf
Date: Mon Jan 17 19:41:52 2011
New Revision: 16828
Log:
econet: Disable auto-loading as mitigation against local exploits. This
module has been shown to be broken, so the risk of this affecting
real users is insignificant.
Added:
dists/lenny-security/linux-2.6/debian/patches/debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch
- copied unchanged from r16824, dists/sid/linux-2.6/debian/patches/debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Mon Jan 17 19:22:38 2011 (r16827)
+++ dists/lenny-security/linux-2.6/debian/changelog Mon Jan 17 19:41:52 2011 (r16828)
@@ -14,6 +14,9 @@
* exec: make argv/envp memory visible to oom-killer (CVE-2010-4243)
* af_unix: limit unix_tot_inflight (CVE-2010-4249)
* do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258)
+ * econet: Disable auto-loading as mitigation against local exploits. This
+ module has been shown to be broken, so this risk of this affecting
+ real users is insignificant.
[ Moritz Muehlenhoff ]
* blkback/blktap/netback: Fix CVE-2010-3699
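Review bot: The added changelog entry reads "so this risk of this affecting real users is insignificant", which is garbled and leaves the reader to guess what "this" refers to; suggest "so the risk of this change affecting real users is insignificant". Unlike the neighbouring entries it carries no CVE or bug reference, so it would help to state that this is a general mitigation rather than a fix for one specific issue, and that administrators who still need econet now have to load the module explicitly.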
Copied: dists/lenny-security/linux-2.6/debian/patches/debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch (from r16824, dists/sid/linux-2.6/debian/patches/debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch Mon Jan 17 19:41:52 2011 (r16828, copy of r16824, dists/sid/linux-2.6/debian/patches/debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch)
@@ -0,0 +1,34 @@
+From e8e7c6dabb1049086882b1160895598ec9492b57 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Fri, 19 Nov 2010 02:12:48 +0000
+Subject: [PATCH 3/3] econet: Disable auto-loading as mitigation against local exploits
+
+Recent review has revealed several bugs in obscure protocol
+implementations that can be exploited by local users for denial of
+service or privilege escalation. We can mitigate the effect of any
+remaining vulnerabilities in such protocols by preventing unprivileged
+users from loading the modules, so that they are only exploitable on
+systems where the administrator has chosen to load the protocol.
+
+The 'econet' protocol is unmaintained and is of mainly historical
+interest. The Debian system does not appear to include any applications
+that use it. Therefore disable auto-loading.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ net/econet/af_econet.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
+index 0e0254f..60a38f7 100644
+--- a/net/econet/af_econet.c
++++ b/net/econet/af_econet.c
+@@ -1171,4 +1171,4 @@ module_init(econet_proto_init);
+ module_exit(econet_proto_exit);
+
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_ECONET);
++/* MODULE_ALIAS_NETPROTO(PF_ECONET); */
+--
+1.7.2.3
+
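Review bot: In the af_econet.c hunk the alias is commented out as "/* MODULE_ALIAS_NETPROTO(PF_ECONET); */" with no explanation in the source, so a later reader of the file cannot tell a deliberate mitigation from leftover debugging. Either delete the line or replace it with a comment saying that auto-loading is disabled on purpose and why. The description could also state the scope more precisely: removing the alias only stops the module from being loaded on demand, so it changes nothing where the protocol is already loaded or built in, and the underlying bugs remain to be fixed separately.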
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny2 Mon Jan 17 19:22:38 2011 (r16827)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny2 Mon Jan 17 19:41:52 2011 (r16828)
@@ -13,3 +13,4 @@
+ bugfix/all/af_unix-limit-unix_tot_inflight.patch
+ bugfix/all/scm-lower-SCM_MAX_FD.patch
+ bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch
++ debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch