author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-12-11 07:37:18 -0500 |
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-12-11 07:37:18 -0500 |
commit | b930873422e3a3f44e254f3fa6c8d6e2f5232973 (patch) | |
tree | c7577799bf91424a735f1d852810e6b7bc09f658 | |
parent | 135e50590974369a5415808badc7a2956bc290a8 (diff) | |
Linux v4.3.2
-rw-r--r-- | X.509-Fix-the-time-validation-ver-3.patch | 79 | ||||
-rw-r--r-- | kernel.spec | 8 | ||||
-rw-r--r-- | sources | 2 |
3 files changed, 5 insertions, 84 deletions
diff --git a/X.509-Fix-the-time-validation-ver-3.patch b/X.509-Fix-the-time-validation-ver-3.patch
deleted file mode 100644
index a4056d878..000000000
--- a/X.509-Fix-the-time-validation-ver-3.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 5cfd0a0f7cbc6bc9833b8a1bb5acb6056c9c53d9 Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Thu, 12 Nov 2015 11:38:40 +0000
-Subject: [PATCH] X.509: Fix the time validation [ver #3]
-
-This fixes CVE-2015-5327. It affects kernels from 4.3-rc1 onwards.
-
-Fix the X.509 time validation to use month number-1 when looking up the
-number of days in that month. Also put the month number validation before
-doing the lookup so as not to risk overrunning the array.
-
-This can be tested by doing the following:
-
-cat <<EOF | openssl x509 -outform DER | keyctl padd asymmetric "" @s
------BEGIN CERTIFICATE-----
-MIIDbjCCAlagAwIBAgIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAMCkxETAPBgNV
-BAoMCGxvY2FsLWNhMRQwEgYDVQQDDAtzaWduaW5nIGtleTAeFw0xNTA5MDEyMTMw
-MThaFw0xNjA4MzEyMTMwMThaMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQwEgYDVQQD
-DAtzaWduaW5nIGtleTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrn
-crcMfMeG67nagX4+m02Xk9rkmsMKI5XTUxbikROe7GSUVJ27sPVPZp4mgzoWlvhh
-jfK8CC/qhEhwep8Pgg4EJZyWOjhZb7R97ckGvLIoUC6IO3FC2ZnR7WtmWDgo2Jcj
-VlXwJdHhKU1VZwulh81O61N8IBKqz2r/kDhIWiicUCUkI/Do/RMRfKAoDBcSh86m
-gOeIAGfq62vbiZhVsX5dOE8Oo2TK5weAvwUIOR7OuGBl5AqwFlPnXQolewiHzKry
-THg9e44HfzG4Mi6wUvcJxVaQT1h5SrKD779Z5+8+wf1JLaooetcEUArvWyuxCU59
-qxA4lsTjBwl4cmEki+cCAwEAAaOBmDCBlTAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
-AwIHgDAdBgNVHQ4EFgQUyND/eKUis7ep/hXMJ8iZMdUhI+IwWQYDVR0jBFIwUIAU
-yND/eKUis7ep/hXMJ8iZMdUhI+KhLaQrMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQw
-EgYDVQQDDAtzaWduaW5nIGtleYIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAA4IB
-AQAMqm1N1yD5pimUELLhT5eO2lRdGUfTozljRxc7e2QT3RLk2TtGhg65JFFN6eml
-XS58AEPVcAsSLDlR6WpOpOLB2giM0+fV/eYFHHmh22yqTJl4YgkdUwyzPdCHNOZL
-hmSKeY9xliHb6PNrNWWtZwhYYvRaO2DX4GXOMR0Oa2O4vaYu6/qGlZOZv3U6qZLY
-wwHEJSrqeBDyMuwN+eANHpoSpiBzD77S4e+7hUDJnql4j6xzJ65+nWJ89fCrQypR
-4sN5R3aGeIh3QAQUIKpHilwek0CtEaYERgc5m+jGyKSc1rezJW62hWRTaitOc+d5
-G5hh+9YpnYcxQHEKnZ7rFNKJ
------END CERTIFICATE-----
-EOF
-
-If the patch works, the above should emit a key ID from the new key being
-accepted; without the patch, it will give a bad message error.
-
-Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Signed-off-by: David Howells <dhowells@redhat.com>
-Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Acked-by: David Woodhouse <David.Woodhouse@intel.com>
---
- crypto/asymmetric_keys/x509_cert_parser.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
-index af71878dc15b..ddde54c45ff7 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
-+++ b/crypto/asymmetric_keys/x509_cert_parser.c
-@@ -531,7 +531,11 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
- if (*p != 'Z')
- goto unsupported_time;
-
-- mon_len = month_lengths[mon];
-+ if (year < 1970 ||
-+ mon < 1 || mon > 12)
-+ goto invalid_time;
-+
-+ mon_len = month_lengths[mon - 1];
- if (mon == 2) {
- if (year % 4 == 0) {
- mon_len = 29;
-@@ -543,9 +547,7 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
- }
- }
-
-- if (year < 1970 ||
-- mon < 1 || mon > 12 ||
-- day < 1 || day > mon_len ||
-+ if (day < 1 || day > mon_len ||
- hour < 0 || hour > 23 ||
- min < 0 || min > 59 ||
- sec < 0 || sec > 59)
---
-2.4.3
-
diff --git a/kernel.spec b/kernel.spec
index be7ca86f7..979f051c9 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -52,7 +52,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 # Do we have a -stable update to apply?
-%define stable_update 1
+%define stable_update 2
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -604,9 +604,6 @@ Patch552: megaraid_sas-Do-not-use-PAGE_SIZE-for-max_sectors.patch
 #rhbz 1275490
 Patch553: ideapad-laptop-Add-Lenovo-Yoga-900-to-no_hw_rfkill-d.patch
-#CVE-2015-5327
-Patch554: X.509-Fix-the-time-validation-ver-3.patch
-
 #rhbz 1279189
 Patch556: netfilter-ipset-Fix-extension-alignment.patch
 Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
@@ -2076,6 +2073,9 @@ fi
 #
 #
 %changelog
+* Fri Dec 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
+- Linux v4.3.2
+
 * Thu Dec 10 2015 Laura Abbott <labbott@redhat.com>
 - Ignore errors from scsi_dh_add_device (rhbz 1288687)
@@ -1,3 +1,3 @@
 58b35794eee3b6d52ce7be39357801e7 linux-4.3.tar.xz
 7c516c9528b9f9aac0136944b0200b7e perf-man-4.3.tar.gz
-6c2dcd8d314f687f317b44820151dd92 patch-4.3.1.xz
+3a465c7cf55ec9dbf2d72d9292aa5fde patch-4.3.2.xz
|
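Review bot: The changelog entry added in the @@ -2076 hunk of kernel.spec records only `- Linux v4.3.2`, while the @@ -604 hunk of the same file drops `#CVE-2015-5327` and `Patch554: X.509-Fix-the-time-validation-ver-3.patch` without stating why. Presumably the fix is carried by the 4.3.2 stable update now selected via `%define stable_update 2`, but neither the commit message nor the changelog says so, so anyone auditing which CVE fixes this package ships has to compare two kernel trees to confirm the fix was superseded rather than lost. I would add a second changelog line after `- Linux v4.3.2`: `- Drop X.509 time validation patch, fix is in 4.3.2 stable (CVE-2015-5327)`, and repeat that sentence in the commit description.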