Bug 458758
| Summary: | kernel: dlm: dlm/user.c input validation fixes [mrg-1] | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | Eugene Teo (Security Response) <eteo> | ||||||
| Component: | realtime-kernel | Assignee: | Red Hat Real Time Maintenance <rt-maint> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 1.0 | CC: | bhu, davids, eteo, lgoncalv, williams | ||||||
| Target Milestone: | 1.0.3 | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2008-10-07 19:20:58 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 458759, 458760, 458761, 458762 | ||||||||
| Attachments: |
|
||||||||
|
Description
Eugene Teo (Security Response)
2008-08-12 04:17:23 UTC
Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cb79f1998d89821a4dbac47f59a46ee3fbbf3c61 Created attachment 314043 [details]
Upstream patch for this issue
Eugene, the last two hunks can be applied to the code we have in 2.6.24.7-76. But the first three hunks are related to a code that is slightly different. I havo no problems in backporting a bit more of code, but I would like to know if it is necessary. (In reply to comment #3) > Eugene, the last two hunks can be applied to the code we have in 2.6.24.7-76. > But the first three hunks are related to a code that is slightly different. I > have no problems in backporting a bit more of code, but I would like to know if > it is necessary. It is slightly different because of 2a79289e87f3b6487b5fd23c8569f32097057fb4. cb79f1998d89821a4dbac47f59a46ee3fbbf3c61 went in later to fix compat_input(). Created attachment 314237 [details]
Patch modified by Eugene Teo, including the missing bits for -77
This is a slightly modified version of the patch described below.
It is slightly different because of 2a79289e87f3b6487b5fd23c8569f32097057fb4.
cb79f1998d89821a4dbac47f59a46ee3fbbf3c61 went in later to fix compat_input().
Eugene Teo backported the patch and a few needed bits in order to apply this
patch to 2.6.24.7-77.
-- Queued to -77
Verified that the patch in attachment https://bugzilla.redhat.com/attachment.cgi?id=314237 is implemented into the mrg-rt-2.6.24.7-81 kernel. (mrt-rt.git commit 28f423a1d6b4a09fedd8aa0a27fa873200f93281) An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2008-0857.html |