Author: dannf
Date: Wed Nov 8 08:07:01 2006
New Revision: 7715
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/perfmon-fd-refcnt.dpatch
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Log:
* perfmon-fd-refcnt.dpatch
[SECURITY][ia64] Fix file descriptor leak in perfmonctl
system call which could be used as a local denial of service attack
by depleting the system of file descriptors
See CVE-2006-3741
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
---
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
(original)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Wed Nov 8 08:07:01 2006
@@ -1,3 +1,13 @@
+kernel-source-2.6.8 (2.6.8-16sarge6) UNRELEASED; urgency=low
+
+ * perfmon-fd-refcnt.dpatch
+ [SECURITY][ia64] Fix file descriptor leak in perfmonctl
+ system call which could be used as a local denial of service attack
+ by depleting the system of file descriptors
+ See CVE-2006-3741
+
+ -- dann frazier <[EMAIL PROTECTED]> Wed, 8 Nov 2006 00:05:49 -0700
+
kernel-source-2.6.8 (2.6.8-16sarge5) stable-security; urgency=high
* [ERRATA] madvise_remove-restrict.dpatch
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/perfmon-fd-refcnt.dpatch
==============================================================================
--- (empty file)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/perfmon-fd-refcnt.dpatch
Wed Nov 8 08:07:01 2006
@@ -0,0 +1,37 @@
+From: Stephane Eranian <[EMAIL PROTECTED]>
+Date: Fri, 25 Aug 2006 21:00:19 +0000 (-0700)
+Subject: [IA64] correct file descriptor reference counting in perfmon
+X-Git-Tag: v2.6.18-rc7
+X-Git-Url:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b8444d00762703e1b6146fce12ce2684885f8bf6
+
+[IA64] correct file descriptor reference counting in perfmon
+
+Fix a bug in sys_perfmonctl() whereby it was not correctly
+decrementing the file descriptor reference count.
+
+Signed-off-by: stephane eranian <[EMAIL PROTECTED]>
+Signed-off-by: Tony Luck <[EMAIL PROTECTED]>
+---
+
+Backported to Debian's 2.6.8 by dann frazier <[EMAIL PROTECTED]>
+
+diff -urN kernel-source-2.6.8.orig/arch/ia64/kernel/perfmon.c
kernel-source-2.6.8/arch/ia64/kernel/perfmon.c
+--- kernel-source-2.6.8.orig/arch/ia64/kernel/perfmon.c 2006-09-06
19:09:31.000000000 -0600
++++ kernel-source-2.6.8/arch/ia64/kernel/perfmon.c 2006-11-07
23:43:48.361326188 -0700
+@@ -4951,13 +4951,15 @@
+ if (likely(ctx)) {
+ DPRINT(("context unlocked\n"));
+ UNPROTECT_CTX(ctx, flags);
+- fput(file);
+ }
+
+ /* copy argument back to user, if needed */
+ if (call_made && PFM_CMD_RW_ARG(cmd) && copy_to_user(arg, args_k,
base_sz*count)) ret = -EFAULT;
+
+ error_args:
++ if (file)
++ fput(file);
++
+ if (args_k) kfree(args_k);
+
+ DPRINT(("cmd=%s ret=%ld\n", PFM_CMD_NAME(cmd), ret));
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
==============================================================================
--- (empty file)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Wed Nov 8 08:07:01 2006
@@ -0,0 +1 @@
++ perfmon-fd-refcnt.dpatch
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
