[kernel] r17558 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Jun 1 05:57:50 UTC 2011
Author: dannf
Date: Wed Jun 1 05:57:49 2011
New Revision: 17558
Log:
char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tpm-fix-uninitialized-usage-of-data-buffer.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Wed Jun 1 05:52:50 2011 (r17557)
+++ dists/lenny-security/linux-2.6/debian/changelog Wed Jun 1 05:57:49 2011 (r17558)
@@ -30,6 +30,7 @@
* serial: Fix information leak in TIOCGICOUNT ioctl (CVE-2010-4075)
* net: ax25: improve information leak to userland fix, a further fix
for CVE-2010-3875
+ * char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
[ Ben Hutchings ]
* [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tpm-fix-uninitialized-usage-of-data-buffer.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tpm-fix-uninitialized-usage-of-data-buffer.patch Wed Jun 1 05:57:49 2011 (r17558)
@@ -0,0 +1,28 @@
+commit 1309d7afbed112f0e8e90be9af975550caa0076b
+Author: Peter Huewe <huewe.external.infineon at googlemail.com>
+Date: Tue Mar 29 13:31:25 2011 +0200
+
+ char/tpm: Fix unitialized usage of data buffer
+
+ This patch fixes information leakage to the userspace by initializing
+ the data buffer to zero.
+
+ Reported-by: Peter Huewe <huewe.external at infineon.com>
+ Signed-off-by: Peter Huewe <huewe.external at infineon.com>
+ Signed-off-by: Marcel Selhorst <m.selhorst at sirrix.com>
+ [ Also removed the silly "* sizeof(u8)". If that isn't 1, we have way
+ deeper problems than a simple multiplication can fix. - Linus ]
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+ [dannf: adjusted to apply to Debian's 2.6.26]
+
+--- linux-source-2.6.26.orig/drivers/char/tpm/tpm.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/drivers/char/tpm/tpm.c 2011-05-31 23:53:14.451994322 -0600
+@@ -922,7 +922,7 @@ int tpm_open(struct inode *inode, struct
+
+ spin_unlock(&driver_lock);
+
+- chip->data_buffer = kmalloc(TPM_BUFSIZE * sizeof(u8), GFP_KERNEL);
++ chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL);
+ if (chip->data_buffer == NULL) {
+ chip->num_opens--;
+ put_device(chip->dev);
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Wed Jun 1 05:52:50 2011 (r17557)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Wed Jun 1 05:57:49 2011 (r17558)
@@ -27,3 +27,4 @@
+ bugfix/all/fs-cifs-reject-dns-upcall-add_key-req-from-userspace.patch
+ bugfix/all/serial_core-clean-data-before-filling-it.patch
+ bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch
++ bugfix/all/tpm-fix-uninitialized-usage-of-data-buffer.patch
More information about the Kernel-svn-changes
mailing list