diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-12-18 08:54:38 -0500 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-12-18 08:57:18 -0500 |
commit | 5f33e10fd2fc7a7325e82604e56b0d51978b6dfa (patch) | |
tree | 84406b77420f19cd0cc75e67d2a365bfa8a38949 | |
parent | d0296447ec12e60e0b165c1b0fe8738464d5e061 (diff) | |
download | kernel-5f33e10fd2fc7a7325e82604e56b0d51978b6dfa.tar.gz kernel-5f33e10fd2fc7a7325e82604e56b0d51978b6dfa.tar.xz kernel-5f33e10fd2fc7a7325e82604e56b0d51978b6dfa.zip |
CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)
-rw-r--r-- | bluetooth-Validate-socket-address-length-in-sco_sock.patch | 27 | ||||
-rw-r--r-- | kernel.spec | 9 |
2 files changed, 36 insertions, 0 deletions
diff --git a/bluetooth-Validate-socket-address-length-in-sco_sock.patch b/bluetooth-Validate-socket-address-length-in-sco_sock.patch new file mode 100644 index 000000000..1ee23fcf4 --- /dev/null +++ b/bluetooth-Validate-socket-address-length-in-sco_sock.patch @@ -0,0 +1,27 @@ +From 5233252fce714053f0151680933571a2da9cbfb4 Mon Sep 17 00:00:00 2001 +From: "David S. Miller" <davem@davemloft.net> +Date: Tue, 15 Dec 2015 15:39:08 -0500 +Subject: [PATCH] bluetooth: Validate socket address length in sco_sock_bind(). + +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/bluetooth/sco.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c +index fe129663bd3f..f52bcbf2e58c 100644 +--- a/net/bluetooth/sco.c ++++ b/net/bluetooth/sco.c +@@ -526,6 +526,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr, + if (!addr || addr->sa_family != AF_BLUETOOTH) + return -EINVAL; + ++ if (addr_len < sizeof(struct sockaddr_sco)) ++ return -EINVAL; ++ + lock_sock(sk); + + if (sk->sk_state != BT_OPEN) { +-- +2.5.0 + diff --git a/kernel.spec b/kernel.spec index b82f95247..e7abafd0a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -671,6 +671,9 @@ Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch #CVE-2015-8569 rhbz 1292045 1292047 Patch577: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch +#CVE-2015-8575 rhbz 1292840 1292841 +Patch578: bluetooth-Validate-socket-address-length-in-sco_sock.patch + # END OF PATCH DEFINITIONS %endif @@ -1462,6 +1465,9 @@ ApplyPatch net-add-validation-for-the-socket-syscall-protocol-a.patch #CVE-2015-8569 rhbz 1292045 1292047 ApplyPatch pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch +#CVE-2015-8575 rhbz 1292840 1292841 +ApplyPatch bluetooth-Validate-socket-address-length-in-sco_sock.patch + # END OF PATCH APPLICATIONS %endif @@ -2312,6 +2318,9 @@ fi # # %changelog +* Fri Dec 18 2015 Josh Boyer <jwboyer@fedoraproject.org> +- CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841) + * Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org> - CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047) |