[kernel] r17557 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Jun 1 05:52:52 UTC 2011


Author: dannf
Date: Wed Jun  1 05:52:50 2011
New Revision: 17557

Log:
net: ax25: improve information leak to userland fix, a further fix
for CVE-2010-3875

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Wed Jun  1 05:41:03 2011	(r17556)
+++ dists/lenny-security/linux-2.6/debian/changelog	Wed Jun  1 05:52:50 2011	(r17557)
@@ -28,11 +28,12 @@
   * proc: protect mm start_code/end_code in /proc/pid/stat (CVE-2011-0726)
   * cifs: Fix cache stuffing issue in the dns_resolver keyring (CVE-2010-2524)
   * serial: Fix information leak in TIOCGICOUNT ioctl (CVE-2010-4075)
+  * net: ax25: improve information leak to userland fix, a further fix
+    for CVE-2010-3875
 
   [ Ben Hutchings ]
   * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)
 
-
  -- dann frazier <dannf at debian.org>  Wed, 30 Mar 2011 22:46:26 -0600
 
 linux-2.6 (2.6.26-26lenny2) stable-security; urgency=high
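
Review bot: The new entry on the two `+` lines reads ambiguously: "improve information leak to userland fix" can be parsed as improving the leak. Consider wording such as "net: ax25: complete the information leak fix (corrects the memset size), a further fix for CVE-2010-3875". The hunk also drops a blank line above the signature line, a whitespace change unrelated to the security entry that would be cleaner in its own commit.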

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch	Wed Jun  1 05:52:50 2011	(r17557)
@@ -0,0 +1,28 @@
+commit 5b919f833d9d60588d026ad82d17f17e8872c7a9
+Author: Kees Cook <kees.cook at canonical.com>
+Date:   Wed Jan 12 00:34:49 2011 -0800
+
+    net: ax25: fix information leak to userland harder
+    
+    Commit fe10ae53384e48c51996941b7720ee16995cbcb7 adds a memset() to clear
+    the structure being sent back to userspace, but accidentally used the
+    wrong size.
+    
+    Reported-by: Brad Spengler <spender at grsecurity.net>
+    Signed-off-by: Kees Cook <kees.cook at canonical.com>
+    Cc: stable at kernel.org
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
+index bb86d29..6da5dae 100644
+--- a/net/ax25/af_ax25.c
++++ b/net/ax25/af_ax25.c
+@@ -1392,7 +1392,7 @@ static int ax25_getname(struct socket *sock, struct sockaddr *uaddr,
+ 	ax25_cb *ax25;
+ 	int err = 0;
+ 
+-	memset(fsa, 0, sizeof(fsa));
++	memset(fsa, 0, sizeof(*fsa));
+ 	lock_sock(sk);
+ 	ax25 = ax25_sk(sk);
+ 
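
Review bot: The commit message in this new patch file says only that the memset() "used the wrong size"; for a security backport it would help to state the mechanism seen in the ax25_getname hunk. sizeof(fsa) is the size of the pointer, while sizeof(*fsa) is the size of the structure it points to, so the earlier memset() cleared only a pointer's width of the structure that is sent back to userspace. The declaration of fsa lies outside the three context lines shown, so check it against the lenny tree before relying on the new size. The patch header also carries no CVE reference, although the changelog ties it to CVE-2010-3875; adding that line would make the patch file self-describing.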

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Wed Jun  1 05:41:03 2011	(r17556)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Wed Jun  1 05:52:50 2011	(r17557)
@@ -26,3 +26,4 @@
 + bugfix/all/security-keys-new-key-flag-for-add_key-from-userspace.patch
 + bugfix/all/fs-cifs-reject-dns-upcall-add_key-req-from-userspace.patch
 + bugfix/all/serial_core-clean-data-before-filling-it.patch
++ bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch
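
Review bot: Ordering dependency on the added `+ bugfix/all/net-ax25-fix-information-leak-to-userland-harder.patch` line: per its commit message, this patch corrects the memset() introduced by commit fe10ae53384e48c51996941b7720ee16995cbcb7, and the context line it edits only exists once that earlier change is applied. None of the three context entries here is an ax25 patch, so confirm that the patch carrying the earlier commit is listed in a preceding series file; otherwise this hunk will not apply.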


