]> git.proxmox.com Git - pve-kernel-2.6.32.git/commitdiff
projects / pve-kernel-2.6.32.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cee7df4)
fix CVE-2013-2094 stable2.3-fixes
authorDietmar Maurer <dietmar@proxmox.com>
Wed, 15 May 2013 05:14:55 +0000 (07:14 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Wed, 15 May 2013 05:14:55 +0000 (07:14 +0200)
Makefile patch | blob | blame | history
changelog.Debian patch | blob | blame | history
fix-CVE-2013-2094.patch [new file with mode: 0644] patch | blob

diff --git a/Makefile b/Makefile
index a7cf33c56068b5abf333aa3bede9e2698aad6fc5..a97476282ba7ecec9bfcd0b5e92df15bdbbf2570 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 RELEASE=2.3
 
 KERNEL_VER=2.6.32
-PKGREL=95
+PKGREL=96
 # also include firmware of previous versrion into 
 # the fw package:  fwlist-2.6.32-PREV-pve
 KREL=19
@@ -152,6 +152,7 @@ ${KERNEL_SRC}/README: ${KERNEL_SRC}.org/README
        cd ${KERNEL_SRC}; patch -p1 <../fix-aspm-policy.patch
        cd ${KERNEL_SRC}; patch -p1 <../xfs-trans-ail-fix.patch
        cd ${KERNEL_SRC}; patch -p1 <../fix-ipoib-add-missing-lock.patch
+       cd ${KERNEL_SRC}; patch -p1 <../fix-CVE-2013-2094.patch
        #cd ${KERNEL_SRC}; patch -p1 <../optimize-cfq-parameters.patch
        sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
        touch $@
diff --git a/changelog.Debian b/changelog.Debian
index d395027f6030bd309b81f3a289afb5ff0d824dbe..e1ebc3f33d686822a7855d4e9532e5a986f5dab2 100644 (file)
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -1,3 +1,9 @@
+pve-kernel-2.6.32 (2.6.32-96) unstable; urgency=low
+
+  * fix CVE-2013-2094
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 15 May 2013 07:12:46 +0200
+
 pve-kernel-2.6.32 (2.6.32-95) unstable; urgency=low
 
   * update to vzkernel-2.6.32-042stab076.5.src.rpm
diff --git a/fix-CVE-2013-2094.patch b/fix-CVE-2013-2094.patch
new file mode 100644 (file)
index 0000000..1fbad06
--- /dev/null
+++ b/fix-CVE-2013-2094.patch
@@ -0,0 +1,36 @@
+From 8176cced706b5e5d15887584150764894e94e02f Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tt.rantala@gmail.com>
+Date: Sat, 13 Apr 2013 19:49:14 +0000
+Subject: perf: Treat attr.config as u64 in perf_swevent_init()
+
+Trinity discovered that we fail to check all 64 bits of
+attr.config passed by user space, resulting to out-of-bounds
+access of the perf_swevent_enabled array in
+sw_perf_event_destroy().
+
+Introduced in commit b0a873ebb ("perf: Register PMU
+implementations").
+
+Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
+Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Cc: davej@redhat.com
+Cc: Paul Mackerras <paulus@samba.org>
+Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
+Link: http://lkml.kernel.org/r/1365882554-30259-1-git-send-email-tt.rantala@gmail.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+---
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 7e0962e..4d3124b 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5331,7 +5331,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+ static int perf_swevent_init(struct perf_event *event)
+ {
+-      int event_id = event->attr.config;
++      u64 event_id = event->attr.config;
+       if (event->attr.type != PERF_TYPE_SOFTWARE)
+               return -ENOENT;
+--
+cgit v0.9.1
Linux Kernel 2.6.32