[kernel] r6579 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Wed May 17 00:31:33 UTC 2006

Author: dannf
Date: Wed May 17 00:31:31 2006
New Revision: 6579

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sys_mbind-sanity-checking.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* sys_mbind-sanity-checking.dpatch
  [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
  get_nodes() to prevent a local DoS vulnerability.
  See CVE-2006-0557

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================

--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Wed May 17 00:31:31 2006
@@ -8,8 +8,12 @@
     [SECURITY] Fix buffer overflow in netfilter do_replace which can could
     be triggered by users with CAP_NET_ADMIN rights.
     See CVE-2006-0038
+  * sys_mbind-sanity-checking.dpatch
+    [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
+    get_nodes() to prevent a local DoS vulnerability.
+    See CVE-2006-0557
 
- -- dann frazier <dannf at debian.org>  Tue, 16 May 2006 01:11:48 -0500
+ -- dann frazier <dannf at debian.org>  Tue, 16 May 2006 19:28:02 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Wed May 17 00:31:31 2006
@@ -1,3 +1,4 @@
 + net-protocol-mod-refcounts-pre.dpatch
 + net-protocol-mod-refcounts.dpatch
 + netfilter-do_replace-overflow.dpatch
++ sys_mbind-sanity-checking.dpatch

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sys_mbind-sanity-checking.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sys_mbind-sanity-checking.dpatch	Wed May 17 00:31:31 2006
@@ -0,0 +1,26 @@
+From: Chris Wright <chrisw at sous-sol.org>
+Date: Fri, 17 Feb 2006 21:59:36 +0000 (-0800)
+Subject: [PATCH] sys_mbind sanity checking
+X-Git-Tag: v2.6.16-rc4
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63
+
+[PATCH] sys_mbind sanity checking
+
+Make sure maxnodes is safe size before calculating nlongs in
+get_nodes().
+
+Signed-off-by: Chris Wright <chrisw at sous-sol.org>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -808,6 +808,8 @@ static int get_nodes(nodemask_t *nodes, 
+ 	nodes_clear(*nodes);
+ 	if (maxnode == 0 || !nmask)
+ 		return 0;
++	if (maxnode > PAGE_SIZE)
++		return -EINVAL;
+ 
+ 	nlongs = BITS_TO_LONGS(maxnode);
+ 	if ((maxnode % BITS_PER_LONG) == 0)

