commit bd582909be16356ade1b708ddb29273a9d4bbc2e Author: Jan Rękorajski <bagg...@pld-linux.org> Date: Tue Feb 26 11:40:13 2013 +0100
- added fix for CVE-2013-1763 - rel 2 kernel-CVE-2013-1763.patch | 32 ++++++++++++++++++++++++++++++++ kernel.spec | 4 +++- 2 files changed, 35 insertions(+), 1 deletion(-) --- diff --git a/kernel.spec b/kernel.spec index 97d035f..24a03c5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -66,7 +66,7 @@ %define have_pcmcia 0 %endif -%define rel 1 +%define rel 2 %define basever 3.7 %define postver .9 @@ -227,6 +227,7 @@ Patch400: kernel-virtio-gl-accel.patch Patch2000: kernel-small_fixes.patch Patch2001: kernel-pwc-uncompress.patch Patch2003: kernel-regressions.patch +Patch2004: kernel-CVE-2013-1763.patch # http://git.kernel.org/?p=linux/kernel/git/jj/linux-apparmor.git;a=shortlog;h=refs/heads/v3.5-aa2.8 Patch5000: kernel-apparmor.patch @@ -708,6 +709,7 @@ cd linux-%{basever} %patch2000 -p1 %patch2001 -p1 #%patch2003 -p1 +%patch2004 -p1 # Do not remove this, please! #%%patch50000 -p1 diff --git a/kernel-CVE-2013-1763.patch b/kernel-CVE-2013-1763.patch new file mode 100644 index 0000000..faca9ea --- /dev/null +++ b/kernel-CVE-2013-1763.patch 
@@ -0,0 +1,32 @@
+Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
+with a family greater or equal then AF_MAX -- the array size of
+sock_diag_handlers[]. The current code does not test for this
+condition therefore is vulnerable to an out-of-bound access opening
+doors for a privilege escalation.
+
+Signed-off-by: Mathias Krause <mini...@googlemail.com>
+---
+ net/core/sock_diag.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index 602cd63..750f44f 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ if (nlmsg_len(nlh) < sizeof(*req))
+ return -EINVAL;
+
++ if (req->sdiag_family >= AF_MAX)
++ return -EINVAL;
++
+ hndl = sock_diag_lock_handler(req->sdiag_family);
+ if (hndl == NULL)
+ err = -ENOENT;
+--
+1.7.10.4
+
+--
+To unsubscribe from this list: send the line "unsubscribe netdev" in
+the body of a message to majord...@vger.kernel.org
+More majordomo info at http://vger.kernel.org/majordomo-info.html
\ No newline at end of file
================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/bd582909be16356ade1b708ddb29273a9d4bbc2e _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
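Review bot: The added `if (req->sdiag_family >= AF_MAX) return -EINVAL;` guard in `__sock_diag_rcv_msg` has no comment tying it to the array it protects, and it sits in the caller rather than beside the lookup. Per the patch description the value indexes `sock_diag_handlers[]`, presumably inside `sock_diag_lock_handler()`, whose body is not visible in this hunk. A comment above the check such as `/* sdiag_family is userland-controlled and indexes sock_diag_handlers[AF_MAX] */` would keep a later refactor from dropping it. If `sock_diag_lock_handler()` has or gains other callers, the bound would be safer inside that helper, so every path to the array is covered. The body of `__sock_diag_rcv_msg` starts and ends outside the hunk.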