rpms/kernel-xen-2.6/devel linux-2.6-cve-2008-0600.patch, NONE, 1.1 kernel.spec, 1.9, 1.10

Eduardo Habkost (ehabkost) fedora-extras-commits at redhat.com
Tue Feb 12 17:10:56 UTC 2008


Author: ehabkost

Update of /cvs/pkgs/rpms/kernel-xen-2.6/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9537

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-cve-2008-0600.patch 
Log Message:
CVE-2008-0600 fix (bug #432517)


linux-2.6-cve-2008-0600.patch:

--- NEW FILE linux-2.6-cve-2008-0600.patch ---
From: Bastian Blank <bastian at waldi.eu.org>
Date: Sun, 10 Feb 2008 14:47:57 +0000 (+0200)
Subject: splice: fix user pointer access in get_iovec_page_array()
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=712a30e63c8066ed84385b12edbfb804f49cbc44

splice: fix user pointer access in get_iovec_page_array()

Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
pointer access verification") added the proper access_ok() calls to
copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
from userspace to the kernel.

But we also must check whether we can access the actual memory region
pointed to by the struct iovec to fix the access checks properly.

Signed-off-by: Bastian Blank <waldi at debian.org>
Acked-by: Oliver Pinter <oliver.pntr at gmail.com>
Cc: Jens Axboe <jens.axboe at oracle.com>
Cc: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Pekka Enberg <penberg at cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
---

Index: linux-2.6.21.i686/fs/splice.c
===================================================================
--- linux-2.6.21.i686.orig/fs/splice.c
+++ linux-2.6.21.i686/fs/splice.c
@@ -1171,7 +1171,7 @@ static int get_iovec_page_array(const st
 		if (unlikely(!len))
 			break;
 		error = -EFAULT;
-		if (unlikely(!base))
+		if (!access_ok(VERIFY_READ, base, len))
 			break;
 
 		/*
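Review bot: the new test `if (!access_ok(VERIFY_READ, base, len))` drops both the `unlikely()` hint and the explicit NULL test on `base` that the removed line carried. access_ok() only checks that the range from `base` to `base + len` lies inside the user address range, not that it is mapped, so a NULL `base` with a small non-zero `len` is no longer rejected at this point and is left to the code that follows. If that is intended, a one-line comment saying that `base` and `len` come straight from the user-supplied iovec would help, and `unlikely(!access_ok(VERIFY_READ, base, len))` would keep the branch hint consistent with the `!len` test just above.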


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel-xen-2.6/devel/kernel.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- kernel.spec	18 Jan 2008 19:14:27 -0000	1.9
+++ kernel.spec	12 Feb 2008 17:10:17 -0000	1.10
@@ -919,6 +919,11 @@
 Patch5000: linux-2.6-firewire.patch
 Patch5001: linux-2.6-firewire-be32-fix.patch
 
+# Security:
+
+# CVE-2008-0600 (bug #432517)
+Patch6000: linux-2.6-cve-2008-0600.patch
+
 #
 # 10000 to 20000 is for stuff that has to come last due to the
 # amount of drivers they touch. But only these should go here.
@@ -1686,6 +1691,9 @@
 %patch5000 -p1
 %patch5001 -p1
 
+# security:
+%patch6000 -p1
+
 #
 # final stuff
 #
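Review bot: the section comment here is `# security:` in lower case, while the matching declaration block uses `# Security:`. Use one spelling in both places so a search for the section header finds the `Patch6000` declaration and the `%patch6000 -p1` application together; a per-patch comment naming the CVE, as the declaration has, would also make this line self-explanatory.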
@@ -2271,6 +2279,9 @@
 %kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL} -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.conf %{with_xen} xen
 
 %changelog
+* Tue Feb 12 2008 Eduardo Habkost <ehabkost at redhat.com>
+- CVE-2008-0600 fix (bug #432517)
+
 * Fri Jan 18 2008 Daniel P. Berrange <berrange at redhat.com>
 - Update to 3.2.0 final release
 
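Review bot: the changelog line `- CVE-2008-0600 fix (bug #432517)` gives the identifiers but not what was changed. Since the changelog is what users see for the installed package, suggest naming the fix from the patch subject, for example "splice: fix user pointer access in get_iovec_page_array() (CVE-2008-0600, bug #432517)".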



