From ff3f0982dccec4012b8a172dc20080473819caa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Fabian=20Silva=20Delgado?= Date: Mon, 25 Feb 2013 14:02:00 -0200 Subject: linux-libre-pae-3.8-2: updating revision * Fix security issue https://bugs.archlinux.org/task/34005 --- kernels/linux-libre-pae/CVE-2013-1763.patch | 35 +++++++++++++++++++++++++++++ kernels/linux-libre-pae/PKGBUILD | 16 ++++++++----- 2 files changed, 46 insertions(+), 5 deletions(-) create mode 100644 kernels/linux-libre-pae/CVE-2013-1763.patch (limited to 'kernels/linux-libre-pae') diff --git a/kernels/linux-libre-pae/CVE-2013-1763.patch b/kernels/linux-libre-pae/CVE-2013-1763.patch new file mode 100644 index 000000000..82b59a6dc --- /dev/null +++ b/kernels/linux-libre-pae/CVE-2013-1763.patch @@ -0,0 +1,35 @@ +From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001 +From: Mathias Krause +Date: Sat, 23 Feb 2013 01:13:47 +0000 +Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[] + +Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY +with a family greater or equal then AF_MAX -- the array size of +sock_diag_handlers[]. The current code does not test for this +condition therefore is vulnerable to an out-of-bound access opening +doors for a privilege escalation. + +Signed-off-by: Mathias Krause +Acked-by: Eric Dumazet +Signed-off-by: David S. Miller +--- + net/core/sock_diag.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c +index 602cd63..750f44f 100644 +--- a/net/core/sock_diag.c ++++ b/net/core/sock_diag.c +@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) + if (nlmsg_len(nlh) < sizeof(*req)) + return -EINVAL; + ++ if (req->sdiag_family >= AF_MAX) ++ return -EINVAL; ++ + hndl = sock_diag_lock_handler(req->sdiag_family); + if (hndl == NULL) + err = -ENOENT; +-- +1.7.6.5 + diff --git a/kernels/linux-libre-pae/PKGBUILD b/kernels/linux-libre-pae/PKGBUILD index b5fa1ce58..6f0c91586 100644 --- a/kernels/linux-libre-pae/PKGBUILD +++ b/kernels/linux-libre-pae/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 178342 2013-02-20 12:32:29Z tpowa $ +# $Id: PKGBUILD 178533 2013-02-25 11:02:32Z tpowa $ # Contributor: Tobias Powalowski # Contributor: Thomas Baechler # Maintainer (Parabola): André Silva @@ -8,7 +8,7 @@ pkgbase=linux-libre-pae # Build stock -LIBRE-PAE kernel _basekernel=3.8 #pkgver=${_basekernel}.9 pkgver=${_basekernel} -pkgrel=1 +pkgrel=2 arch=('i686') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -21,12 +21,14 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn # standard config files for mkinitcpio ramdisk "${pkgbase}.preset" 'boot-logo.patch' - 'change-default-console-loglevel.patch') + 'change-default-console-loglevel.patch' + 'CVE-2013-1763.patch') md5sums=('84c2a77910932ffc7d958744ac9cf2f5' '01e97ae92b25fa9d004ff589c7f56703' 'f302c931bd85309da9d9792b4cc96467' '04b21c79df0a952c22d681dd4f4562df' - '9d3c56a4b999c8bfbd4018089a62f662') + '9d3c56a4b999c8bfbd4018089a62f662' + '420991808fe4cba143013427c0737aa9') _kernelname=${pkgbase#linux-libre} _localversionname=-LIBRE-PAE @@ -41,6 +43,10 @@ build() { # Add freedo as boot logo patch -Np1 -i "${srcdir}/boot-logo.patch" + # Fix security vulnetability CVE-2013-1763.patch + # https://bugs.archlinux.org/task/34005 + patch -Np1 -i "${srcdir}/CVE-2013-1763.patch" + # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) @@ -168,7 +174,7 @@ _package-headers() { mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include" - for i in acpi asm-generic config crypto drm generated linux math-emu \ + for i in acpi asm-generic config crypto drm generated keys linux math-emu \ media net pcmcia scsi sound trace uapi video xen; do cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/" done -- cgit v1.2.3-2-g168b