security builds & testing needed

Kees Cook kees at ubuntu.com
Thu Nov 22 02:38:49 UTC 2007


Hi!  So, following the process Ben outlined for the security team, I've
applied a whole mess of cherry-picks that I'd like to have you guys take
a look at, build, test, etc:

http://kernel.ubuntu.com/git?p=kees/ubuntu-dapper-security.git;a=summary
  [UBUNTU:drivers/net] drop invalid spin_unlock calls in skge (CVE-2006-7229)
  minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
  [PATCH] hugetlb: fix prio_tree unit (CVE-2007-4133)
  [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
  USB: fix DoS in pwc USB video driver (CVE-2007-5093)
  wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)

http://kernel.ubuntu.com/git?p=kees/ubuntu-edgy-security.git;a=summary
  minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
  [PATCH] hugetlb: fix prio_tree unit (CVE-2007-4133)
  [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
  USB: fix DoS in pwc USB video driver (CVE-2007-5093)
  wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)

http://kernel.ubuntu.com/git?p=kees/ubuntu-feisty-security.git;a=summary
  minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
  [IPV6]: Do no rely on skb->dst before it is assigned. (CVE-2007-4567)
  [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
  [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
  USB: fix DoS in pwc USB video driver (CVE-2007-5093)
  wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)

http://kernel.ubuntu.com/git?p=kees/ubuntu-gutsy-security.git;a=summary
  minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
  [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
  [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
  [TCP]: Make sure write_queue_from does not begin with NULL ptr (CVE-2007-5501)
  wait_task_stopped: Check p->exit_state instead of TASK_TRACED (CVE-2007-5500)

I didn't do any changelog bits yet, in case I did something ugly in my
commits.

I don't know how (or don't have hardware) to test hugetlb and pwc --
those patches aren't entirely obvious to me either, and both required
some back-porting.

I'd like to try to get these published early next week.

Thanks,

-Kees

-- 
Kees Cook



