[kernel] r17614 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Jun 6 03:30:24 UTC 2011 

Author: dannf
Date: Mon Jun  6 03:30:23 2011
New Revision: 17614

Log:
fs/partitions/ldm.c: fix oops caused by corrupted partition table
(CVE-2011-1017)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch
      - copied, changed from r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 03:20:26 2011	(r17613)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 03:30:23 2011	(r17614)
@@ -41,6 +41,8 @@
   * [arm] 6891/1: prevent heap corruption in OABI semtimedop (CVE-2011-1759)
   * gre: fix netns vs proto registration ordering (CVE-2011-1767)
   * Validate size of EFI GUID partition entries (CVE-2011-1776)
+  * fs/partitions/ldm.c: fix oops caused by corrupted partition table
+    (CVE-2011-1017)
 
   [ Ben Hutchings ]
   * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)

Copied and modified: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch (from r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch)
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch	Fri Jun  3 06:06:48 2011	(r17590, copy source)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch	Mon Jun  6 03:30:23 2011	(r17614)
@@ -19,12 +19,12 @@
     Cc: Richard Russon <rich at flatcap.org>
     Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
     Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+    [dannf: backported to Debian's 2.6.26]
 
-diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c
-index b10e354..ce4f624 100644
---- a/fs/partitions/ldm.c
-+++ b/fs/partitions/ldm.c
-@@ -1299,6 +1299,11 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags)
+diff -urpN linux-source-2.6.26.orig/fs/partitions/ldm.c linux-source-2.6.26/fs/partitions/ldm.c
+--- linux-source-2.6.26.orig/fs/partitions/ldm.c	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/fs/partitions/ldm.c	2011-06-05 21:23:22.003023825 -0600
+@@ -1294,6 +1294,11 @@ static bool ldm_frag_add (const u8 *data
  
  	BUG_ON (!data || !frags);
  
@@ -33,10 +33,10 @@
 +		return false;
 +	}
 +
- 	group = get_unaligned_be32(data + 0x08);
- 	rec   = get_unaligned_be16(data + 0x0C);
- 	num   = get_unaligned_be16(data + 0x0E);
-@@ -1306,6 +1311,10 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags)
+ 	group = BE32 (data + 0x08);
+ 	rec   = BE16 (data + 0x0C);
+ 	num   = BE16 (data + 0x0E);
+@@ -1301,6 +1306,10 @@ static bool ldm_frag_add (const u8 *data
  		ldm_error ("A VBLK claims to have %d parts.", num);
  		return false;
  	}
@@ -47,7 +47,7 @@
  
  	list_for_each (item, frags) {
  		f = list_entry (item, struct frag, list);
-@@ -1334,10 +1343,9 @@ found:
+@@ -1329,10 +1338,9 @@ found:
  
  	f->map |= (1 << rec);
  

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 03:20:26 2011	(r17613)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 03:30:23 2011	(r17614)
@@ -39,3 +39,4 @@
 + bugfix/arm/prevent-heap-corruption-in-OABI-semtimedop.patch
 + bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
 + bugfix/all/validate-size-of-efi-guid-partition-entries.patch
++ bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch

More information about the Kernel-svn-changes mailing list