diff options
author | Josh Boyer <jwboyer@redhat.com> | 2014-02-28 11:48:34 -0500 |
---|---|---|
committer | Josh Boyer <jwboyer@redhat.com> | 2014-02-28 11:48:34 -0500 |
commit | 2edcdbfc985724b57a74b996ef5cac8ca1698423 (patch) | |
tree | 45d1769fabf337f34fcb0678968ab7af82f8764f | |
parent | 2323b0271d510cc68f03f30dc43e49e461d5660a (diff) | |
download | kernel-2edcdbfc985724b57a74b996ef5cac8ca1698423.tar.gz kernel-2edcdbfc985724b57a74b996ef5cac8ca1698423.tar.xz kernel-2edcdbfc985724b57a74b996ef5cac8ca1698423.zip |
CVE-2014-0102 keyctl_link can be used to cause an oops (rhbz 1071396)
-rw-r--r-- | kernel.spec | 9 | ||||
-rw-r--r-- | keyring-fix.patch | 17 |
2 files changed, 26 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 6d98d6113..bca5c883c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -634,6 +634,9 @@ Patch25203: dma-debug-account-for-cachelines-and-read-only-mappings.patch #rhbz 1056170 Patch25025: usb-ehci-fix-deadlock-when-threadirqs-option-is-used.patch +#CVE-2014-0102 rhbz 1071396 +Patch25026: keyring-fix.patch + # END OF PATCH DEFINITIONS %endif @@ -1287,6 +1290,9 @@ ApplyPatch dma-debug-account-for-cachelines-and-read-only-mappings.patch #rhbz 1056170 ApplyPatch usb-ehci-fix-deadlock-when-threadirqs-option-is-used.patch +#CVE-2014-0102 rhbz 1071396 +ApplyPatch keyring-fix.patch + # END OF PATCH APPLICATIONS %endif @@ -2066,6 +2072,9 @@ fi # ||----w | # || || %changelog +* Fri Feb 28 2014 Josh Boyer <jwboyer@fedoraproject.org> +- CVE-2014-0102 keyctl_link can be used to cause an oops (rhbz 1071396) + * Thu Feb 27 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.14.0-0.rc4.git2.1 - Linux v3.14-rc4-45-gd2a0476 diff --git a/keyring-fix.patch b/keyring-fix.patch new file mode 100644 index 000000000..6539144e4 --- /dev/null +++ b/keyring-fix.patch @@ -0,0 +1,17 @@ +@@ -, +, @@ +--- +--- a/security/keys/keyring.c ++++ a/security/keys/keyring.c +@@ -1000,7 +1000,11 @@ static int keyring_detect_cycle_iterator(const void *object, + + kenter("{%d}", key->serial); + +- BUG_ON(key != ctx->match_data); ++ /* We might get a keyring with matching index-key that is nonetheless a ++ * different keyring. */ ++ if (key != ctx->match_data) ++ return 0; ++ + ctx->result = ERR_PTR(-EDEADLK); + return 1; + } |