Hello community, here is the log from the commit of package libcgroup1 for openSUSE:11.2 checked in at Fri Mar 4 15:08:26 CET 2011.
-------- --- old-versions/11.2/all/libcgroup1/libcgroup1.changes 2009-08-18 13:41:04.000000000 +0200 +++ 11.2/libcgroup1/libcgroup1.changes 2011-02-28 18:28:24.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Feb 28 18:27:44 CET 2011 - [email protected] + +- verify the sender of netlink messages (bnc#675048, CVE-2011-1022) +- fix buf overflow (bnc#675506, CVE-2011-1006) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.2/all/libcgroup1 Destination is old-versions/11.2/UPDATES/all/libcgroup1 calling whatdependson for 11.2-i586 New: ---- cgrulesengd-deny-message-forging.patch libcgroup-CVE-2011-1006.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcgroup1.spec ++++++ --- /var/tmp/diff_new_pack.5OvRbh/_old 2011-03-04 15:08:15.000000000 +0100 +++ /var/tmp/diff_new_pack.5OvRbh/_new 2011-03-04 15:08:15.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package libcgroup1 (Version 0.34) +# spec file for package libcgroup1 # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,8 +20,8 @@ Name: libcgroup1 Version: 0.34 -Release: 2 -License: LGPL v2.1 only +Release: 3.<RELEASE3> +License: LGPLv2.1 Group: System/Management AutoReqProv: on Summary: Control groups management tools @@ -33,6 +33,8 @@ Patch0: libcgroup-sigaction.patch Patch1: libcgroup-pamlibdir.patch Patch2: libcgroup-remove-suid.patch +Patch3: cgrulesengd-deny-message-forging.patch +Patch4: libcgroup-CVE-2011-1006.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison flex gcc-c++ pam-devel Requires: insserv pam 
@@ -51,7 +53,7 @@ Dhaval Giani <[email protected]> %package -n libcgroup-devel -License: LGPL v2.1 only +License: LGPLv2.1 Summary: Control groups management tools devel package Group: Development/Libraries/C and C++ Requires: %{name} = %{version}-%{release} @@ -74,6 +76,8 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 %build autoreconf -fi ++++++ cgrulesengd-deny-message-forging.patch ++++++ >From 0a59ea5e0b2ce466bfd35c9e700094bf09a0310d Mon Sep 17 00:00:00 2001 From: Nelson Elhage <[email protected]> Date: Thu, 17 Feb 2011 20:55:12 -0500 Subject: cgrulesengd: Ignore netlink messages that don't come from the kernel. References: bnc#675048, CVE-2011-1022 recvfrom() returns the address, it doesn't filter the packet based on the sender. We need to explicitly check the received address after the call happens. Signed-off-by: Nelson Elhage <[email protected]> Signed-off-by: Jan Safranek <[email protected]> Signed-off-by: Jiri Slaby <[email protected]> --- src/daemon/cgrulesengd.c | 11 ++++------- 1 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c index 10fd2cd..5a965fd 100644 --- a/src/daemon/cgrulesengd.c +++ b/src/daemon/cgrulesengd.c @@ -503,17 +503,10 @@ static int cgre_receive_netlink_msg(int sk_nl) struct sockaddr_nl from_nla; socklen_t from_nla_len; struct nlmsghdr *nlh; - struct sockaddr_nl kern_nla; struct cn_msg *cn_hdr; - kern_nla.nl_family = AF_NETLINK; - kern_nla.nl_groups = CN_IDX_PROC; - kern_nla.nl_pid = 1; - kern_nla.nl_pad = 0; - memset(buff, 0, sizeof(buff)); from_nla_len = sizeof(from_nla); - memcpy(&from_nla, &kern_nla, sizeof(from_nla)); recv_len = recvfrom(sk_nl, buff, sizeof(buff), 0, (struct sockaddr *)&from_nla, &from_nla_len); if (recv_len == ENOBUFS) { 
@@ -523,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl) if (recv_len < 1) return 0; + if (from_nla.nl_groups != CN_IDX_PROC + || from_nla.nl_pid != 0) + return 0; + nlh = (struct nlmsghdr *)buff; while (NLMSG_OK(nlh, recv_len)) { cn_hdr = NLMSG_DATA(nlh); -- 1.7.4.1 ++++++ libcgroup-CVE-2011-1006.patch ++++++ diff --git a/src/tools/tools-common.c b/src/tools/tools-common.c index 4beffcd..7d633be 100644 --- a/src/tools/tools-common.c +++ b/src/tools/tools-common.c @@ -79,7 +79,7 @@ int parse_cgroup_spec(struct cgroup_group_spec **cdptr, char *optarg, } } j++; - } while (temp); + } while (temp && j<CG_CONTROLLER_MAX-1); /* Store path to the cgroup */ strncpy(cdptr[i]->path, pathptr, FILENAME_MAX); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
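Review bot: In libcgroup1.spec the License tag changes from "LGPL v2.1 only" to "LGPLv2.1" for both the main package and libcgroup-devel, dropping the "only" qualifier in an update whose libcgroup1.changes entry lists just the two CVE fixes. If this is a normalization of the tag format, record it in the .changes entry; otherwise keep the license line out of the security update so the diff carries only the two patches.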
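Review bot: In the first cgrulesengd.c hunk (cgre_receive_netlink_msg, @@ -503,17 +503,10 @@), removing the memcpy from kern_nla leaves from_nla uninitialized going into recvfrom(), and the sender check added in the next hunk then reads from_nla.nl_groups and from_nla.nl_pid without confirming the call filled the whole structure. Suggest memset(&from_nla, 0, sizeof(from_nla)) before the call, or rejecting the message when from_nla_len != sizeof(from_nla) afterwards, so the check fails closed. Separately, the unchanged context line "if (recv_len == ENOBUFS)" compares the return value with an errno constant; recvfrom() reports failure as -1 with the code in errno, so that branch looks like it should test recv_len < 0 && errno == ENOBUFS.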
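Review bot: In the second cgrulesengd.c hunk (@@ -523,6 +516,10 @@), the new sender check returns 0 silently, the same value as the "recv_len < 1" path just above it, so a message dropped because it did not come from the kernel leaves no trace. A log line at that return recording from_nla.nl_pid and from_nla.nl_groups would make forged messages visible in the daemon's log. A short comment that nl_pid 0 identifies the kernel would also help, since the removed kern_nla initializer used nl_pid = 1 and the reason for the different value is not obvious from the code.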
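Review bot: In the tools-common.c hunk (parse_cgroup_spec), the new bound "j<CG_CONTROLLER_MAX-1" ends the loop silently, so a spec naming more controllers than fit is truncated and parsing continues to the strncpy of the path as if the input had been valid. Returning an error when the limit is reached while temp is still non-NULL would tell the caller the input was rejected rather than partially applied. A comment on why the limit is CG_CONTROLLER_MAX-1 rather than CG_CONTROLLER_MAX would help the next reader, and the unchanged strncpy(cdptr[i]->path, pathptr, FILENAME_MAX) in the trailing context does not NUL-terminate when pathptr is FILENAME_MAX bytes or longer.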
