[packages/kernel/LINUX_3_7] - fix CVE-2013-2094 - rel 8
baggins
baggins at pld-linux.org
Wed May 15 08:02:12 CEST 2013
commit f2cdc8a4096f4055ae7ee5d56c34c82c1d2b1f51
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Wed May 15 08:01:58 2013 +0200
- fix CVE-2013-2094
- rel 8
CVE-2013-2094.patch | 38 ++++++++++++++++++++++++++++++++++++++
kernel.spec | 4 +++-
2 files changed, 41 insertions(+), 1 deletion(-)
---
diff --git a/kernel.spec b/kernel.spec
index f53162e..800b4c5 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -66,7 +66,7 @@
%define have_pcmcia 0
%endif
-%define rel 7
+%define rel 8
%define basever 3.7
%define postver .10
@@ -227,6 +227,7 @@ Patch400: kernel-virtio-gl-accel.patch
Patch2000: kernel-small_fixes.patch
Patch2001: kernel-pwc-uncompress.patch
Patch2003: kernel-regressions.patch
+Patch2004: CVE-2013-2094.patch
# http://git.kernel.org/?p=linux/kernel/git/jj/linux-apparmor.git;a=shortlog;h=refs/heads/v3.5-aa2.8
Patch5000: kernel-apparmor.patch
@@ -708,6 +709,7 @@ cd linux-%{basever}
%patch2000 -p1
%patch2001 -p1
#%patch2003 -p1
+%patch2004 -p1
# Do not remove this, please!
#%%patch50000 -p1
diff --git a/CVE-2013-2094.patch b/CVE-2013-2094.patch
new file mode 100644
index 0000000..d2d909a
--- /dev/null
+++ b/CVE-2013-2094.patch
@@ -0,0 +1,38 @@
+From 8176cced706b5e5d15887584150764894e94e02f Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tt.rantala at gmail.com>
+Date: Sat, 13 Apr 2013 19:49:14 +0000
+Subject: perf: Treat attr.config as u64 in perf_swevent_init()
+
+Trinity discovered that we fail to check all 64 bits of
+attr.config passed by user space, resulting to out-of-bounds
+access of the perf_swevent_enabled array in
+sw_perf_event_destroy().
+
+Introduced in commit b0a873ebb ("perf: Register PMU
+implementations").
+
+Signed-off-by: Tommi Rantala <tt.rantala at gmail.com>
+Cc: Peter Zijlstra <a.p.zijlstra at chello.nl>
+Cc: davej at redhat.com
+Cc: Paul Mackerras <paulus at samba.org>
+Cc: Arnaldo Carvalho de Melo <acme at ghostprotocols.net>
+Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
+Signed-off-by: Ingo Molnar <mingo at kernel.org>
+---
+(limited to 'kernel/events/core.c')
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 7e0962e..4d3124b 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5331,7 +5331,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+
+ static int perf_swevent_init(struct perf_event *event)
+ {
+- int event_id = event->attr.config;
++ u64 event_id = event->attr.config;
+
+ if (event->attr.type != PERF_TYPE_SOFTWARE)
+ return -ENOENT;
+--
+cgit v0.9.1
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/f2cdc8a4096f4055ae7ee5d56c34c82c1d2b1f51
More information about the pld-cvs-commit
mailing list