From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Thu, 6 Jul 2006 22:07:53 +0000 (-0700)
Subject: 2.6.16.24 and 2.6.17.4 releases2.6.16.24 and 2.6.17.4 releases
X-Git-Tag: v2.6.16.24^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b6646af29571af23804af97496c6264efb29d22;p=thirdparty%2Fkernel%2Fstable-queue.git

2.6.16.24 and 2.6.17.4 releases2.6.16.24 and 2.6.17.4 releases
---

diff --git a/releases/2.6.16.24/fix-prctl-privilege-escalation-and-suid_dumpable.patch b/releases/2.6.16.24/fix-prctl-privilege-escalation-and-suid_dumpable.patch
new file mode 100644
index 00000000000..3064ce2671f
--- /dev/null
+++ b/releases/2.6.16.24/fix-prctl-privilege-escalation-and-suid_dumpable.patch
@@ -0,0 +1,22 @@
+From: Ernie Petrides
+Subject: fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
+References: 186980
+Patch-mainline: 2.6.18
+
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/sys.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- gregkh-2.6.orig/kernel/sys.c
++++ gregkh-2.6/kernel/sys.c
+@@ -1983,7 +1983,7 @@ asmlinkage long sys_prctl(int option, un
+ 			error = current->mm->dumpable;
+ 			break;
+ 		case PR_SET_DUMPABLE:
+-			if (arg2 < 0 || arg2 > 2) {
++			if (arg2 < 0 || arg2 > 1) {
+ 				error = -EINVAL;
+ 				break;
+ 			}
diff --git a/releases/2.6.17.4/fix-prctl-privilege-escalation-and-suid_dumpable.patch b/releases/2.6.17.4/fix-prctl-privilege-escalation-and-suid_dumpable.patch
new file mode 100644
index 00000000000..3064ce2671f
--- /dev/null
+++ b/releases/2.6.17.4/fix-prctl-privilege-escalation-and-suid_dumpable.patch
@@ -0,0 +1,22 @@
+From: Ernie Petrides
+Subject: fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
+References: 186980
+Patch-mainline: 2.6.18
+
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/sys.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- gregkh-2.6.orig/kernel/sys.c
++++ gregkh-2.6/kernel/sys.c
+@@ -1983,7 +1983,7 @@ asmlinkage long sys_prctl(int option, un
+ 			error = current->mm->dumpable;
+ 			break;
+ 		case PR_SET_DUMPABLE:
+-			if (arg2 < 0 || arg2 > 2) {
++			if (arg2 < 0 || arg2 > 1) {
+ 				error = -EINVAL;
+ 				break;
+ 			}