[kernel] r6640 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
patches patches/series
Dann Frazier
dannf at costa.debian.org
Sat May 20 07:28:54 UTC 2006
Author: dannf
Date: Sat May 20 07:28:49 2006
New Revision: 6640
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
Log:
* s390-strnlen_user-return.dpatch
[SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
returning a value that is too large
See CVE-2006-0456
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Sat May 20 07:28:49 2006
@@ -77,8 +77,12 @@
netfilter that allows local users with CAP_NET_ADMIN capabilities to
read kernel memory
See CVE-2006-0039
+ * s390-strnlen_user-return.dpatch
+ [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
+ returning a value that is too large
+ See CVE-2006-0456
- -- dann frazier <dannf at debian.org> Sat, 20 May 2006 02:15:22 -0500
+ -- dann frazier <dannf at debian.org> Sat, 20 May 2006 02:25:23 -0500
kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch Sat May 20 07:28:49 2006
@@ -0,0 +1,55 @@
+From: Gerald Schaefer <geraldsc at de.ibm.com>
+Date: Wed, 8 Mar 2006 05:55:37 +0000 (-0800)
+Subject: [PATCH] s390: fix strnlen_user return value
+X-Git-Tag: v2.6.16-rc6
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=331c46591414f7f92b1cec048009abe89892ee79
+
+[PATCH] s390: fix strnlen_user return value
+
+strnlen_user is supposed to return then length count + 1 if no terminating \0
+is found, and it should return 0 on exception. Found by David Howells
+<dhowells at redhat.com>.
+
+Signed-off-by: Gerald Schaefer <geraldsc at de.ibm.com>
+Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
+Acked-By: David Howells <dhowells at redhat.com>
+Signed-off-by: Andrew Morton <akpm at osdl.org>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/arch/s390/lib/uaccess.S
++++ b/arch/s390/lib/uaccess.S
+@@ -198,12 +198,12 @@ __strnlen_user_asm:
+ 0: srst %r2,%r1
+ jo 0b
+ sacf 0
+- jh 1f # \0 found in string ?
+ ahi %r2,1 # strnlen_user result includes the \0
+-1: slr %r2,%r3
++ # or return count+1 if \0 not found
++ slr %r2,%r3
+ br %r14
+ 2: sacf 0
+- lhi %r2,-EFAULT
++ slr %r2,%r2 # return 0 on exception
+ br %r14
+ .section __ex_table,"a"
+ .long 0b,2b
+--- a/arch/s390/lib/uaccess64.S
++++ b/arch/s390/lib/uaccess64.S
+@@ -194,12 +194,12 @@ __strnlen_user_asm:
+ 0: srst %r2,%r1
+ jo 0b
+ sacf 0
+- jh 1f # \0 found in string ?
+ aghi %r2,1 # strnlen_user result includes the \0
+-1: slgr %r2,%r3
++ # or return count+1 if \0 not found
++ slgr %r2,%r3
+ br %r14
+ 2: sacf 0
+- lghi %r2,-EFAULT
++ slgr %r2,%r2 # return 0 on exception
+ br %r14
+ .section __ex_table,"a"
+ .quad 0b,2b
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3 Sat May 20 07:28:49 2006
@@ -21,3 +21,4 @@
+ amd64-fp-reg-leak-dep3.dpatch
+ amd64-fp-reg-leak.dpatch
+ do_add_counters-race.dpatch
++ s390-strnlen_user-return.dpatch
More information about the Kernel-svn-changes
mailing list