From fdbdd3f31575a6af784bb7f064f042697cbf6253 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Thu, 28 Feb 2013 15:18:09 +0100 Subject: [PATCH] - up to 3.8.1 --- kernel-small_fixes.patch | 31 ------------------------------- kernel.spec | 4 ++-- 2 files changed, 2 insertions(+), 33 deletions(-) diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch index 0660f7e9..ebdc93f4 100644 --- a/kernel-small_fixes.patch +++ b/kernel-small_fixes.patch @@ -49,34 +49,3 @@ index 7a0c800..ec5ebbb 100644 -- 1.7.7.3 - -commit 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 -Author: Mathias Krause -Date: Sat Feb 23 01:13:47 2013 +0000 - - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] - - Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY - with a family greater or equal then AF_MAX -- the array size of - sock_diag_handlers[]. The current code does not test for this - condition therefore is vulnerable to an out-of-bound access opening - doors for a privilege escalation. - - Signed-off-by: Mathias Krause - Acked-by: Eric Dumazet - Signed-off-by: David S. Miller - -diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index 602cd63..750f44f 100644 ---- a/net/core/sock_diag.c -+++ b/net/core/sock_diag.c -@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - if (nlmsg_len(nlh) < sizeof(*req)) - return -EINVAL; - -+ if (req->sdiag_family >= AF_MAX) -+ return -EINVAL; -+ - hndl = sock_diag_lock_handler(req->sdiag_family); - if (hndl == NULL) - err = -ENOENT; diff --git a/kernel.spec b/kernel.spec index 11c64386..65dd9fa5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -68,7 +68,7 @@ %define rel 0.1 %define basever 3.8 -%define postver .0 +%define postver .1 # __alt_kernel is list of features, empty string if none set # _alt kernel is defined as: %{nil}%{?alt_kernel:-%{?alt_kernel}} (defined in rpm.macros) @@ -111,7 +111,7 @@ Source0: http://www.kernel.org/pub/linux/kernel/v3.x/linux-%{basever}.tar.xz # Source0-md5: 1c738edfc54e7c65faeb90c436104e2f %if "%{postver}" != ".0" Patch0: http://www.kernel.org/pub/linux/kernel/v3.x/patch-%{version}.bz2 -# Patch0-md5: 8d176cf61afaafa3c621833a8f8d2c62 +# Patch0-md5: 5bee6b12baef607b0ed4be5cd7d34a48 %endif Source3: kernel-autoconf.h -- 2.44.0