WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-3.1-testing] CVE-2008-0600: Fix exploitable hole in

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.1-testing] CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
From: "Xen patchbot-3.1-testing" <patchbot-3.1-testing@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Feb 2008 07:11:40 -0800
Delivery-date: Fri, 22 Feb 2008 07:35:21 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1203345191 0
# Node ID c4e0558a0385275bd9ba1086163638c922c596ca
# Parent  69dd582e3850e96c00d5b212e163f6ee6bf80ff7
CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
Fix is Al Viro's suggested patch for RHEL5.
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
linux-2.6.18-xen changeset:   416:08e85e79c65d0316bfda5e77e8a0dc7ab9ca181a
linux-2.6.18-xen date:        Mon Feb 11 11:05:27 2008 +0000
---
 patches/linux-2.6.18.8/linux-2.6.18-xen-416-08e85e79c65d |   18 +++++++++++++++
 patches/linux-2.6.18.8/series                            |    1 
 2 files changed, 19 insertions(+)

diff -r 69dd582e3850 -r c4e0558a0385 
patches/linux-2.6.18.8/linux-2.6.18-xen-416-08e85e79c65d
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/linux-2.6.18.8/linux-2.6.18-xen-416-08e85e79c65d  Mon Feb 18 
14:33:11 2008 +0000
@@ -0,0 +1,22 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser@xxxxxxxxxx>
+# Date 1202727927 0
+# Node ID 08e85e79c65d0316bfda5e77e8a0dc7ab9ca181a
+# Parent  90fbf541d772e9df4e7a4be3ed667d9bac5412c0
+CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
+Fix is Al Viro's suggested patch for RHEL5.
+Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
+
+diff -r 90fbf541d772 -r 08e85e79c65d fs/splice.c
+--- a/fs/splice.c      Mon Feb 11 10:19:25 2008 +0000
++++ b/fs/splice.c      Mon Feb 11 11:05:27 2008 +0000
+@@ -1141,6 +1141,9 @@ static int get_iovec_page_array(const st
+               if (unlikely(!base))
+                       break;
+ 
++              if (unlikely(!access_ok(VERIFY_READ, base, len)))
++                      break;
++
+               /*
+                * Get this base offset and number of pages, then map
+                * in the user pages.
diff -r 69dd582e3850 -r c4e0558a0385 patches/linux-2.6.18.8/series
--- a/patches/linux-2.6.18.8/series     Mon Feb 18 14:29:50 2008 +0000
+++ b/patches/linux-2.6.18.8/series     Mon Feb 18 14:33:11 2008 +0000
@@ -24,3 +24,4 @@ linux-2.6.18-xen-375-748cd890ea7f
 linux-2.6.18-xen-375-748cd890ea7f
 linux-2.6.18-xen-376-353802ec1caf
 linux-2.6.18-xen-405-369b676a3243
+linux-2.6.18-xen-416-08e85e79c65d

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-3.1-testing] CVE-2008-0600: Fix exploitable hole in vmsplice() syscall., Xen patchbot-3.1-testing <=