authoryardenac2013-02-27 09:31:32 -0800
committeryar2015-07-03 16:58:22 -0700
commite2bcc401ff56d1bf86e23ed0eed07fd74416c3d4 (patch)
tree79c27a3ada92fa6cfef4cb8841b412b09618f858
parent4d0a8c548e3e38450fd01a96f43ed9f494067600 (diff)
downloadaur-e2bcc401ff56d1bf86e23ed0eed07fd74416c3d4.tar.gz
CVE-2013-1763
-rw-r--r--.SRCINFO2
-rw-r--r--CVE-2013-1763.patch34
-rw-r--r--PKGBUILD3
3 files changed, 39 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 82b457f1b5a1..c0b1f6ac2b35 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -30,6 +30,7 @@ pkgbase = linux-linode
source = config.x86_64
source = menu.lst
source = linux-linode.preset
+ source = CVE-2013-1763.patch
source = change-default-console-loglevel.patch
md5sums = 21223369d682bcf44bcdfe1521095983
md5sums = 375fa67b3daba9e6040f13a0a29bf543
@@ -37,6 +38,7 @@ pkgbase = linux-linode
md5sums = c6b60c3fe0027e209a375adefc386124
md5sums = d01f2350ec9f92e2eabcde0f11be24f2
md5sums = ee66f3cd0c5bc0ba0f65499784d19f30
+ md5sums = 47e4472ae060798baae01662d661a87b
md5sums = 9d3c56a4b999c8bfbd4018089a62f662
pkgname = linux-linode
diff --git a/CVE-2013-1763.patch b/CVE-2013-1763.patch
new file mode 100644
index 000000000000..a4f0d2ee0a12
--- /dev/null
+++ b/CVE-2013-1763.patch
@@ -0,0 +1,34 @@
+From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 23 Feb 2013 01:13:47 +0000
+Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
+
+Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
+with a family greater or equal then AF_MAX -- the array size of
+sock_diag_handlers[]. The current code does not test for this
+condition therefore is vulnerable to an out-of-bound access opening
+doors for a privilege escalation.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/core/sock_diag.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index 602cd63..750f44f 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ if (nlmsg_len(nlh) < sizeof(*req))
+ return -EINVAL;
+
++ if (req->sdiag_family >= AF_MAX)
++ return -EINVAL;
++
+ hndl = sock_diag_lock_handler(req->sdiag_family);
+ if (hndl == NULL)
+ err = -ENOENT;
+--
+1.7.6.5
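Review bot: The added guard `if (req->sdiag_family >= AF_MAX)` has no comment explaining why it must run before `sock_diag_lock_handler()`, and it sits in the caller instead of next to the array access it protects. According to the commit message, the family value comes from a userland netlink request and indexes `sock_diag_handlers[]`, so I would put `/* sdiag_family is user-controlled and indexes sock_diag_handlers[AF_MAX] */` above the check. If `sock_diag_lock_handler()` has other callers (none are visible here), each needs the same guard, or the check belongs inside that helper. `__sock_diag_rcv_msg` starts and ends outside the hunk.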
diff --git a/PKGBUILD b/PKGBUILD
index 6e10146058cf..fdcb8189141c 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -15,6 +15,7 @@ source=("http://www.kernel.org/pub/linux/kernel/v3.x/${_srcname}.tar.xz"
'config.x86_64'
'menu.lst'
"${pkgname}.preset"
+ "CVE-2013-1763.patch"
'change-default-console-loglevel.patch')
md5sums=('21223369d682bcf44bcdfe1521095983'
'375fa67b3daba9e6040f13a0a29bf543'
@@ -22,6 +23,7 @@ md5sums=('21223369d682bcf44bcdfe1521095983'
'c6b60c3fe0027e209a375adefc386124'
'd01f2350ec9f92e2eabcde0f11be24f2'
'ee66f3cd0c5bc0ba0f65499784d19f30'
+ '47e4472ae060798baae01662d661a87b'
'9d3c56a4b999c8bfbd4018089a62f662')
pkgdesc="Kernel for Arch Linux on Linode"
depends=('coreutils' 'linux-firmware' 'kmod' 'mkinitcpio>=0.7')
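Review bot: The checksum added for the security patch, `'47e4472ae060798baae01662d661a87b'`, is MD5, which is not collision-resistant and so is a weak integrity check for a file whose whole purpose is a kernel fix. The same `md5sums` array also covers the kernel tarball, which the `source=` line in the previous hunk header shows is fetched over plain `http://`. I would add a parallel `sha256sums=(...)` array (makepkg supports it) covering every source entry, and mirror it in `.SRCINFO`.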
@@ -34,6 +36,7 @@ install=${pkgname}.install
build() {
cd "${srcdir}/${_srcname}"
patch -p1 -i "${srcdir}/patch-${pkgver}"
+ patch -p1 -i "${srcdir}/CVE-2013-1763.patch"
patch -Np1 -i "${srcdir}/change-default-console-loglevel.patch"
if [ "${CARCH}" = "x86_64" ]; then
cat "${srcdir}/config.x86_64" > ./.config
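Review bot: The new line `patch -p1 -i "${srcdir}/CVE-2013-1763.patch"` omits `-N`, unlike the loglevel patch directly below it. Once a later `patch-${pkgver}` already carries this fix, patch without `-N` will detect a previously applied patch and may offer to reverse it, which would take the bounds check back out. With `-N` it skips the patch and exits non-zero, so the step should fail visibly instead. I would write `patch -Np1 -i "${srcdir}/CVE-2013-1763.patch"`. `build()` continues past the end of the hunk.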