rpms/kernel/F-11 ax25-fix-possible-oops-in-ax25_make_new.patch, NONE, 1.1 kernel.spec, 1.1764, 1.1765
Chuck Ebbert
cebbert at fedoraproject.org
Thu Oct 15 12:17:22 UTC 2009
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15584
Modified Files:
kernel.spec
Added Files:
ax25-fix-possible-oops-in-ax25_make_new.patch
Log Message:
AX.25 security fix (CVE-2009-2909)
ax25-fix-possible-oops-in-ax25_make_new.patch:
af_ax25.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE ax25-fix-possible-oops-in-ax25_make_new.patch ---
>From fc19457a1971fee7f7e2b7f2346a5f66cfa2867c Mon Sep 17 00:00:00 2001
From: Jarek Poplawski <jarkao2 at gmail.com>
Date: Sun, 27 Sep 2009 10:57:02 +0000
Subject: ax25: Fix possible oops in ax25_make_new
From: Jarek Poplawski <jarkao2 at gmail.com>
[ Upstream commit 8c185ab6185bf5e67766edb000ce428269364c86 ]
In ax25_make_new, if kmemdup of digipeat returns an error, there would
be an oops in sk_free while calling sk_destruct, because sk_protinfo
is NULL at the moment; move sk->sk_destruct initialization after this.
BTW of reported-by: Bernard Pidoux F6BVP <f6bvp at free.fr>
Signed-off-by: Jarek Poplawski <jarkao2 at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
net/ax25/af_ax25.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -893,7 +893,6 @@ struct sock *ax25_make_new(struct sock *
sock_init_data(NULL, sk);
- sk->sk_destruct = ax25_free_sock;
sk->sk_type = osk->sk_type;
sk->sk_priority = osk->sk_priority;
sk->sk_protocol = osk->sk_protocol;
@@ -931,6 +930,7 @@ struct sock *ax25_make_new(struct sock *
}
sk->sk_protinfo = ax25;
+ sk->sk_destruct = ax25_free_sock;
ax25->sk = sk;
return sk;
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1764
retrieving revision 1.1765
diff -u -p -r1.1764 -r1.1765
--- kernel.spec 15 Oct 2009 08:28:27 -0000 1.1764
+++ kernel.spec 15 Oct 2009 12:17:21 -0000 1.1765
@@ -800,6 +800,9 @@ Patch15760: x86-fix-csum_ipv6_magic-asm-
# libata fix from 2.6.31.4 (#524756)
Patch15800: libata-fix-incorrect-link-online-check-during-probe.patch
+# ax25 security fix (cve-2009-2909)
+Patch15900: ax25-fix-possible-oops-in-ax25_make_new.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1497,6 +1500,9 @@ ApplyPatch x86-fix-csum_ipv6_magic-asm-m
# libata fix from 2.6.31.4 (#524756)
ApplyPatch libata-fix-incorrect-link-online-check-during-probe.patch
+# ax25 security fix (cve-2009-2909)
+ApplyPatch ax25-fix-possible-oops-in-ax25_make_new.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2085,6 +2091,9 @@ fi
# and build.
%changelog
+* Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-86
+- AX.25 security fix (CVE-2009-2909)
+
* Thu Oct 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.9-85
- Disable CONFIG_USB_STORAGE_CYPRESS_ATACB because it causes failure
to boot from USB disks using Cypress bridges (#524998)
More information about the fedora-extras-commits
mailing list