lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <cover.1269149354.git.marcel@holtmann.org>
Date:	Sun, 21 Mar 2010 06:41:34 +0100
From:	Marcel Holtmann <marcel@...tmann.org>
To:	David Miller <davem@...emloft.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	netdev@...r.kernel.org
Subject: Pull request: bluetooth-2.6 2010-03-21

Hi Dave,

these patches fix a potential remote denial of service in the L2CAP
layer and a potential bad memory access with some sysfs files.

As agreed with Linus, I fixed the sysfs issue in two steps. The first
patch just avoids the invalid memory access while accepting that the
content might be truncated. The second patch moves everything over to
debugfs (where these files belong anyway) and switches to seq_file.

This two step approach allows an easy backport to -stable kernel by
only picking the first patch.

Linus, feel free to pull directly since both patches are security
related and should be merged as quickly as possible.

Regards

Marcel


Please pull from

    git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6.git master

This will update the following files:

 include/net/bluetooth/bluetooth.h |    2 +-
 net/bluetooth/hci_sysfs.c         |    3 +-
 net/bluetooth/l2cap.c             |   48 +++++++++++++++++++++++++++----------
 net/bluetooth/rfcomm/core.c       |   41 ++++++++++++++++++++++---------
 net/bluetooth/rfcomm/sock.c       |   38 ++++++++++++++++++++--------
 net/bluetooth/sco.c               |   38 ++++++++++++++++++++---------
 6 files changed, 119 insertions(+), 51 deletions(-)

through these ChangeSets:

Andrei Emeltchenko (1):
    Bluetooth: Fix kernel crash on L2CAP stress tests

Marcel Holtmann (2):
    Bluetooth: Fix potential bad memory access with sysfs files
    Bluetooth: Convert debug files to actually use debugfs instead of sysfs

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ