[kernel] r6579 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Wed May 17 00:31:33 UTC 2006
Author: dannf
Date: Wed May 17 00:31:31 2006
New Revision: 6579
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sys_mbind-sanity-checking.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
Log:
* sys_mbind-sanity-checking.dpatch
[SECURITY] Make sure maxnodes is safe size before calculating nlongs in
get_nodes() to prevent a local DoS vulnerability.
See CVE-2006-0557
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Wed May 17 00:31:31 2006
@@ -8,8 +8,12 @@
[SECURITY] Fix buffer overflow in netfilter do_replace which can could
be triggered by users with CAP_NET_ADMIN rights.
See CVE-2006-0038
+ * sys_mbind-sanity-checking.dpatch
+ [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
+ get_nodes() to prevent a local DoS vulnerability.
+ See CVE-2006-0557
- -- dann frazier <dannf at debian.org> Tue, 16 May 2006 01:11:48 -0500
+ -- dann frazier <dannf at debian.org> Tue, 16 May 2006 19:28:02 -0500
kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 Wed May 17 00:31:31 2006
@@ -1,3 +1,4 @@
+ net-protocol-mod-refcounts-pre.dpatch
+ net-protocol-mod-refcounts.dpatch
+ netfilter-do_replace-overflow.dpatch
++ sys_mbind-sanity-checking.dpatch
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sys_mbind-sanity-checking.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/sys_mbind-sanity-checking.dpatch Wed May 17 00:31:31 2006
@@ -0,0 +1,26 @@
+From: Chris Wright <chrisw at sous-sol.org>
+Date: Fri, 17 Feb 2006 21:59:36 +0000 (-0800)
+Subject: [PATCH] sys_mbind sanity checking
+X-Git-Tag: v2.6.16-rc4
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=636f13c174dd7c84a437d3c3e8fa66f03f7fda63
+
+[PATCH] sys_mbind sanity checking
+
+Make sure maxnodes is safe size before calculating nlongs in
+get_nodes().
+
+Signed-off-by: Chris Wright <chrisw at sous-sol.org>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -808,6 +808,8 @@ static int get_nodes(nodemask_t *nodes,
+ nodes_clear(*nodes);
+ if (maxnode == 0 || !nmask)
+ return 0;
++ if (maxnode > PAGE_SIZE)
++ return -EINVAL;
+
+ nlongs = BITS_TO_LONGS(maxnode);
+ if ((maxnode % BITS_PER_LONG) == 0)
More information about the Kernel-svn-changes
mailing list