Author: dannf
Date: Thu Aug 17 03:04:04 2006
New Revision: 7172
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/224_cdrom-bad-cgc.buflen-assign.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4
Log:
* 224_cdrom-bad-cgc.buflen-assign.diff
[SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
be used by a local user to trigger a buffer overflow via a specially
crafted DVD, USB stick, or similar automatically mounted device.
See CVE-2006-2935
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
---
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
(original)
+++
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
Thu Aug 17 03:04:04 2006
@@ -3,8 +3,13 @@
* 223_nfs-handle-long-symlinks.diff
[SECURITY] Fix buffer overflow in NFS readline handling that allows a
remote server to cause a denial of service (crash) via a long symlink
+ * 224_cdrom-bad-cgc.buflen-assign.diff
+ [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
+ be used by a local user to trigger a buffer overflow via a specially
+ crafted DVD, USB stick, or similar automatically mounted device.
+ See CVE-2006-2935
- -- dann frazier <[EMAIL PROTECTED]> Wed, 16 Aug 2006 19:13:03 -0600
+ -- dann frazier <[EMAIL PROTECTED]> Wed, 16 Aug 2006 20:59:54 -0600
kernel-source-2.4.27 (2.4.27-10sarge3) stable-security; urgency=high
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/224_cdrom-bad-cgc.buflen-assign.diff
==============================================================================
--- (empty file)
+++
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/224_cdrom-bad-cgc.buflen-assign.diff
Thu Aug 17 03:04:04 2006
@@ -0,0 +1,28 @@
+From: Jens Axboe <[EMAIL PROTECTED]>
+Date: Mon, 10 Jul 2006 11:44:08 +0000 (-0700)
+Subject: [PATCH] cdrom: fix bad cgc.buflen assignment
+X-Git-Tag: v2.6.18-rc2
+X-Git-Url:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
+
+[PATCH] cdrom: fix bad cgc.buflen assignment
+
+The code really means to mask off the high bits, not assign 0xff.
+
+Signed-off-by: Jens Axboe <[EMAIL PROTECTED]>
+Cc: Marcus Meissner <[EMAIL PROTECTED]>
+Cc: <[EMAIL PROTECTED]>
+Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -1837,7 +1837,7 @@ static int dvd_read_bca(struct cdrom_dev
+ init_cdrom_command(&cgc, buf, sizeof(buf), CGC_DATA_READ);
+ cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE;
+ cgc.cmd[7] = s->type;
+- cgc.cmd[9] = cgc.buflen = 0xff;
++ cgc.cmd[9] = cgc.buflen & 0xff;
+
+ if ((ret = cdo->generic_packet(cdi, &cgc)))
+ return ret;
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4
==============================================================================
---
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4
(original)
+++
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge4
Thu Aug 17 03:04:04 2006
@@ -1 +1,2 @@
+ 223_nfs-handle-long-symlinks.diff
++ 224_cdrom-bad-cgc.buflen-assign.diff
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
