diff options
| author | Josh Boyer <jwboyer@redhat.com> | 2013-06-06 08:24:07 -0400 |
|---|---|---|
| committer | Josh Boyer <jwboyer@redhat.com> | 2013-06-06 08:24:31 -0400 |
| commit | 5a0fdd92dca3d5a4265f6db6dc53fb541d2c9825 (patch) | |
| tree | ee6c3df82a4413adb56a1999e0d81009d1c4b15c | |
| parent | fa81d1f8325433f5a97a1e02be5bd06f4ea7c6ec (diff) | |
| download | kernel-5a0fdd92dca3d5a4265f6db6dc53fb541d2c9825.tar.gz kernel-5a0fdd92dca3d5a4265f6db6dc53fb541d2c9825.tar.xz kernel-5a0fdd92dca3d5a4265f6db6dc53fb541d2c9825.zip | |
CVE-2013-2148 fanotify: info leak in copy_event_to_user (rhbz 971258 971261)
| -rw-r--r-- | fanotify-info-leak-in-copy_event_to_user.patch | 14 | ||||
| -rw-r--r-- | kernel.spec | 7 |
2 files changed, 21 insertions, 0 deletions
diff --git a/fanotify-info-leak-in-copy_event_to_user.patch b/fanotify-info-leak-in-copy_event_to_user.patch new file mode 100644 index 00000000..92b218b1 --- /dev/null +++ b/fanotify-info-leak-in-copy_event_to_user.patch @@ -0,0 +1,14 @@ +diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c +index 6c80083..77cc85d 100644 +--- a/fs/notify/fanotify/fanotify_user.c ++++ b/fs/notify/fanotify/fanotify_user.c +@@ -122,6 +122,7 @@ static int fill_event_metadata(struct fsnotify_group *group, + metadata->event_len = FAN_EVENT_METADATA_LEN; + metadata->metadata_len = FAN_EVENT_METADATA_LEN; + metadata->vers = FANOTIFY_METADATA_VERSION; ++ metadata->reserved = 0; + metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS; + metadata->pid = pid_vnr(event->tgid); + if (unlikely(event->mask & FAN_Q_OVERFLOW)) + +
\ No newline at end of file diff --git a/kernel.spec b/kernel.spec index b1fbc0ba..6e0d719a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -748,6 +748,9 @@ Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch #CVE-2013-2147 rhbz 971242 971249 Patch25032: cve-2013-2147-ciss-info-leak.patch +#CVE-2013-2148 rhbz 971258 971261 +Patch25033: fanotify-info-leak-in-copy_event_to_user.patch + # END OF PATCH DEFINITIONS %endif @@ -1439,6 +1442,9 @@ ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch #CVE-2013-2147 rhbz 971242 971249 ApplyPatch cve-2013-2147-ciss-info-leak.patch +#CVE-2013-2148 rhbz 971258 971261 +ApplyPatch fanotify-info-leak-in-copy_event_to_user.patch + # END OF PATCH APPLICATIONS %endif @@ -2245,6 +2251,7 @@ fi # || || %changelog * Thu Jun 06 2013 Josh Boyer <jwboyer@redhat.com> +- CVE-2013-2148 fanotify: info leak in copy_event_to_user (rhbz 971258 971261) - CVE-2013-2147 cpqarray/cciss: information leak via ioctl (rhbz 971242 971249) * Wed Jun 05 2013 Josh Boyer <jwboyer@redhat.com> |