[kernel] r22500 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series
Ben Hutchings
benh at moszumanska.debian.org
Sun Apr 12 20:52:54 UTC 2015
Author: benh
Date: Sun Apr 12 20:52:54 2015
New Revision: 22500
Log:
Add some simple security fixes
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze12
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Sun Apr 12 20:44:07 2015 (r22499)
+++ dists/squeeze-security/linux-2.6/debian/changelog Sun Apr 12 20:52:54 2015 (r22500)
@@ -10,6 +10,9 @@
* ipv6: Don't reduce hop limit for an interface (CVE-2015-2922)
* [amd64] asm/entry: Remove a bogus 'ret_from_fork' optimization
(CVE-2015-2830)
+ * net: llc: use correct size for sysctl timeout entries (CVE-2015-2041)
+ * net: rds: use correct size for max unacked packets and bytes
+ (CVE-2015-2042)
-- Ben Hutchings <ben at decadent.org.uk> Sun, 12 Apr 2015 17:12:31 +0100
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch Sun Apr 12 20:52:54 2015 (r22500)
@@ -0,0 +1,56 @@
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Fri, 23 Jan 2015 20:47:00 -0500
+Subject: net: llc: use correct size for sysctl timeout entries
+Origin: https://git.kernel.org/linus/6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
+
+The timeout entries are sizeof(int) rather than sizeof(long), which
+means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+
+Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+[bwh: Backported to 2.6.32: adjust context]
+---
+ net/llc/sysctl_net_llc.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c
+index 612a5dd..799bafc 100644
+--- a/net/llc/sysctl_net_llc.c
++++ b/net/llc/sysctl_net_llc.c
+@@ -18,7 +18,7 @@ static struct ctl_table llc2_timeout_table[] = {
+ .ctl_name = NET_LLC2_ACK_TIMEOUT,
+ .procname = "ack",
+ .data = &sysctl_llc2_ack_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_ack_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ .strategy = sysctl_jiffies,
+@@ -27,7 +27,7 @@
+ .ctl_name = NET_LLC2_BUSY_TIMEOUT,
+ .procname = "busy",
+ .data = &sysctl_llc2_busy_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_busy_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ .strategy = sysctl_jiffies,
+@@ -36,7 +36,7 @@
+ .ctl_name = NET_LLC2_P_TIMEOUT,
+ .procname = "p",
+ .data = &sysctl_llc2_p_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_p_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ .strategy = sysctl_jiffies,
+@@ -45,7 +45,7 @@
+ .ctl_name = NET_LLC2_REJ_TIMEOUT,
+ .procname = "rej",
+ .data = &sysctl_llc2_rej_timeout,
+- .maxlen = sizeof(long),
++ .maxlen = sizeof(sysctl_llc2_rej_timeout),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_jiffies,
+ .strategy = sysctl_jiffies,
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch Sun Apr 12 20:52:54 2015 (r22500)
@@ -0,0 +1,40 @@
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Tue, 3 Feb 2015 08:55:58 -0500
+Subject: net: rds: use correct size for max unacked packets and bytes
+Origin: https://git.kernel.org/linus/db27ebb111e9f69efece08e4cb6a34ff980f8896
+
+Max unacked packets/bytes is an int while sizeof(long) was used in the
+sysctl table.
+
+This means that when they were getting read we'd also leak kernel memory
+to userspace along with the timeout values.
+
+Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+[bwh: Backported to 2.6.32: adjust context]
+---
+ net/rds/sysctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c
+index c3b0cd4..c173f69 100644
+--- a/net/rds/sysctl.c
++++ b/net/rds/sysctl.c
+@@ -74,7 +74,7 @@ static struct ctl_table rds_sysctl_rds_table[] = {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "max_unacked_packets",
+ .data = &rds_sysctl_max_unacked_packets,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec,
+ },
+@@ -82,7 +82,7 @@
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "max_unacked_bytes",
+ .data = &rds_sysctl_max_unacked_bytes,
+- .maxlen = sizeof(unsigned long),
++ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec,
+ },
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze12
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze12 Sun Apr 12 20:44:07 2015 (r22499)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/48squeeze12 Sun Apr 12 20:52:54 2015 (r22500)
@@ -5,3 +5,5 @@
+ bugfix/all/hid-fix-a-couple-of-off-by-ones.patch
+ bugfix/all/ipv6-don-t-reduce-hop-limit-for-an-interface.patch
+ bugfix/x86/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimi.patch
++ bugfix/all/net-llc-use-correct-size-for-sysctl-timeout-entries.patch
++ bugfix/all/net-rds-use-correct-size-for-max-unacked-packets-and.patch
More information about the Kernel-svn-changes
mailing list