This is the start of the stable review cycle for the 2.6.13.1 release.
There are 9 patches in this series, all will be posted as a response to
this one. If anyone has any issues with these being applied, please let
us know. If anyone is a maintainer of the proper subsystem, and wants
to add a signed-off-by: line to the patch, please respond with it.
These patches are sent out with a number of different people on the
Cc: line. If you wish to be a reviewer, please email [email protected]
to add your name to the list. If you want to be off the reviewer list,
also email us.
Responses should be made by Sat Sep 8 01:00 2005 UTC. Anything received
after that time, might be too late.
thanks,
the -stable release team
--
I missed this one when launching review cycle, thanks to Mark Cox for
catching oversight.
-stable review patch. If anyone has any objections, please let us know.
------------------
From: Al Viro <[email protected]>
Fix unchecked __get_user that could be tricked into generating a
memory read on an arbitrary address. The result of the read is not
returned directly but you may be able to divine some information about
it, or use the read to cause a crash on some architectures by reading
hardware state. CAN-2005-2492.
Fix from Al Viro, ack from Dave Miller.
Signed-off-by: Chris Wright <[email protected]>
---
net/ipv4/raw.c | 2 +-
net/ipv6/raw.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6.13.y/net/ipv4/raw.c
===================================================================
--- linux-2.6.13.y.orig/net/ipv4/raw.c
+++ linux-2.6.13.y/net/ipv4/raw.c
@@ -358,7 +358,7 @@ static void raw_probe_proto_opt(struct f
if (type && code) {
get_user(fl->fl_icmp_type, type);
- __get_user(fl->fl_icmp_code, code);
+ get_user(fl->fl_icmp_code, code);
probed = 1;
}
break;
Index: linux-2.6.13.y/net/ipv6/raw.c
===================================================================
--- linux-2.6.13.y.orig/net/ipv6/raw.c
+++ linux-2.6.13.y/net/ipv6/raw.c
@@ -619,7 +619,7 @@ static void rawv6_probe_proto_opt(struct
if (type && code) {
get_user(fl->fl_icmp_type, type);
- __get_user(fl->fl_icmp_code, code);
+ get_user(fl->fl_icmp_code, code);
probed = 1;
}
break;
Chris Wright wrote:
> This is the start of the stable review cycle for the 2.6.13.1 release.
> There are 9 patches in this series, all will be posted as a response to
> this one. If anyone has any issues with these being applied, please let
> us know. If anyone is a maintainer of the proper subsystem, and wants
> to add a signed-off-by: line to the patch, please respond with it.
*snip*
I didn't see the patch from Ivan Kokshaysky (
http://marc.theaimsgroup.com/?l=linux-kernel&m=112541348008047&w=2 )
included.. Without this one my laptop will freeze and die when inserting
a something into the cardbus slot, so I would say that it would kind of
fit in there.
Any reason why it's not included?
--
Henrik
* Henrik Persson ([email protected]) wrote:
*
> I didn't see the patch from Ivan Kokshaysky (
> http://marc.theaimsgroup.com/?l=linux-kernel&m=112541348008047&w=2 )
> included.. Without this one my laptop will freeze and die when inserting
> a something into the cardbus slot, so I would say that it would kind of
> fit in there.
>
> Any reason why it's not included?
It's in there, number 4 in the series.
thanks,
-chris