diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2013-11-12 15:05:09 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-11-13 15:16:56 +0000 |
| commit | 4fb83db8142b3472ec4e2be98be9420c0c8e1060 (patch) | |
| tree | 89b6c1e0b496af0d4186639d80643edebeeec8ff /main | |
| parent | 96b32d67027b747a4803132684ff6a3755f3935a (diff) | |
| download | aports-4fb83db8142b3472ec4e2be98be9420c0c8e1060.tar.bz2 aports-4fb83db8142b3472ec4e2be98be9420c0c8e1060.tar.xz | |
main/linux-grsec: fix CVE-2013-4348
Diffstat (limited to 'main')
| -rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
| -rw-r--r-- | main/linux-grsec/CVE-2013-4348.patch | 35 |
2 files changed, 40 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 10511c93c8..5e3559ab6e 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -7,7 +7,7 @@ case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -27,6 +27,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch fix-memory-map-for-PIE-applications.patch sysctl_lxc.patch + CVE-2013-4348.patch kernelconfig.x86 kernelconfig.x86_64 @@ -161,6 +162,7 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch b3c0153d53e508e03d73b94d15b24a96 sysctl_lxc.patch +09ae7985af988c75ff35ed503558eb8b CVE-2013-4348.patch cb5c938dccbee36cfb8bb7ee3546b8af kernelconfig.x86 daa81b89f18254155ac33c5239abf3a4 kernelconfig.x86_64" sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz @@ -174,6 +176,7 @@ ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use- fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 9ba55b0f45d5aa97503e376a13be6d249a10f32e36687055b2fa1e5a39fa0584 sysctl_lxc.patch +39acdfc0bb2298e3a9ba62ee42ac2b6556fc31d8eaa2c085f84897cdeaa1a996 CVE-2013-4348.patch 3e6c4101bfb90b6a30173ef81cd0d0bea51d6a995fc045ca67db7fed271d969d kernelconfig.x86 da67ef700372d080bffb12a86f0a16c987dc79e18fdfb1a88d2704660239e5f0 kernelconfig.x86_64" sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz @@ -187,5 +190,6 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 41071e21c59997604a380575d3c4171d35a12eaae6ddcf158d95e4fd5ccc69d61753cbd38b7bd08d879cce5bfea3fed2df15e5a3dca944f6f7cbd95d5d2daa23 sysctl_lxc.patch +6c5165692519c630cb96a254088e55d4d7412bd0f45920c0bf514dd9c68d24625da91798158fe502b6c214a7b8d44ae6b2e49b39aed6da3c1344f816f90405a3 CVE-2013-4348.patch e81d6780a33f00d5ee03b069fc3610da2eda3ba43e515707ae67cd2d609a226b18e9ec446eeacd2afaafe6aa480bb30b9908cce41e0d90f1a3b41e7daf2034c5 kernelconfig.x86 01e38549e92a98f041cb7ee1fec04a35d55322eff718fce6cd5774b60d0db287478ca034309e3dbd06b0194a2ec4b67584ef281018c16681a0ac7ac0fdc7c3ba kernelconfig.x86_64" diff --git a/main/linux-grsec/CVE-2013-4348.patch b/main/linux-grsec/CVE-2013-4348.patch new file mode 100644 index 0000000000..cce1592eb8 --- /dev/null +++ b/main/linux-grsec/CVE-2013-4348.patch @@ -0,0 +1,35 @@ +From 6f092343855a71e03b8d209815d8c45bf3a27fcd Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Fri, 01 Nov 2013 07:01:10 +0000 +Subject: net: flow_dissector: fail on evil iph->ihl + +We don't validate iph->ihl which may lead a dead loop if we meet a IPIP +skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl +is evil (less than 5). + +This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae +(rps: support IPIP encapsulation). + +Cc: Eric Dumazet <edumazet@google.com> +Cc: Petr Matousek <pmatouse@redhat.com> +Cc: Michael S. Tsirkin <mst@redhat.com> +Cc: Daniel Borkmann <dborkman@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> +Acked-by: Eric Dumazet <edumazet@google.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- +diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c +index 8d7d0dd..143b6fd 100644 +--- a/net/core/flow_dissector.c ++++ b/net/core/flow_dissector.c +@@ -40,7 +40,7 @@ again: + struct iphdr _iph; + ip: + iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph); +- if (!iph) ++ if (!iph || iph->ihl < 5) + return false; + + if (ip_is_fragment(iph)) +-- +cgit v0.9.2 |