[kernel] r17612 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Jun 6 03:03:00 UTC 2011 

Author: dannf
Date: Mon Jun  6 03:02:59 2011
New Revision: 17612

Log:
Validate size of EFI GUID partition entries (CVE-2011-1776)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch
      - copied unchanged from r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 03:01:26 2011	(r17611)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 03:02:59 2011	(r17612)
@@ -40,6 +40,7 @@
   * can: Add missing socket check in can/raw release (CVE-2011-1748)
   * [arm] 6891/1: prevent heap corruption in OABI semtimedop (CVE-2011-1759)
   * gre: fix netns vs proto registration ordering (CVE-2011-1767)
+  * Validate size of EFI GUID partition entries (CVE-2011-1776)
 
   [ Ben Hutchings ]
   * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)

Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch (from r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch	Mon Jun  6 03:02:59 2011	(r17612, copy of r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/validate-size-of-efi-guid-partition-entries.patch)
@@ -0,0 +1,29 @@
+commit fa039d5f6b126fbd65eefa05db2f67e44df8f121
+Author: Timo Warns <Warns at pre-sense.de>
+Date:   Fri May 6 13:47:35 2011 +0200
+
+    Validate size of EFI GUID partition entries.
+    
+    Otherwise corrupted EFI partition tables can cause total confusion.
+    
+    Signed-off-by: Timo Warns <warns at pre-sense.de>
+    Cc: stable at kernel.org
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+    [dannf: backported to Debian's 2.6.32]
+
+diff -urpN linux-source-2.6.32.orig/fs/partitions/efi.c linux-source-2.6.32/fs/partitions/efi.c
+--- linux-source-2.6.32.orig/fs/partitions/efi.c	2011-05-03 09:28:49.000000000 -0600
++++ linux-source-2.6.32/fs/partitions/efi.c	2011-05-17 00:36:47.701635525 -0600
+@@ -349,6 +349,12 @@ is_gpt_valid(struct block_device *bdev,
+ 		goto fail;
+ 	}
+ 
++	/* Check that sizeof_partition_entry has the correct value */
++	if (le32_to_cpu((*gpt)->sizeof_partition_entry) != sizeof(gpt_entry)) {
++		pr_debug("GUID Partitition Entry Size check failed.\n");
++		goto fail;
++	}
++
+ 	if (!(*ptes = alloc_read_gpt_entries(bdev, *gpt)))
+ 		goto fail;
+ 

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 03:01:26 2011	(r17611)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 03:02:59 2011	(r17612)
@@ -38,3 +38,4 @@
 + bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch
 + bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch
 + bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
++ bugfix/all/validate-size-of-efi-guid-partition-entries.patch

More information about the Kernel-svn-changes mailing list