Author: arekm Date: Sun Feb 10 18:22:23 2008 GMT
Module: SOURCES Tag: LINUX_2_6_22
---- Log message:
- some unofficial fix for local root hole
---- Files affected:
SOURCES:
kernel-vmsplice.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/kernel-vmsplice.patch
diff -u /dev/null SOURCES/kernel-vmsplice.patch:1.1.2.1
--- /dev/null Sun Feb 10 19:22:23 2008
+++ SOURCES/kernel-vmsplice.patch Sun Feb 10 19:22:18 2008
@@ -0,0 +1,15 @@
+--- a/fs/splice.c.org 2008-02-10 18:59:14.848560519 +0100
++++ b/fs/splice.c 2008-02-10 19:17:03.955805594 +0100
+@@ -1163,6 +1163,12 @@
+ size_t len;
+ int i;
+
++ /* CVE-2008-0009, CVE-2008-0010 fix */
++ if(!access_ok(VERIFY_READ, base, len)) {
++ error = -EFAULT;
++ break;
++ }
++
+ /*
+ * Get user address base and length for this iovec.
+ */
================================================================
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
