[kernel/f17] CVE-2012-2119 macvtap: zerocopy: vector length is not validated before pinning user pages (rhbz 8142
Justin M. Forbes
jforbes at fedoraproject.org
Thu Apr 19 21:11:41 UTC 2012
commit 3490e9bb740f709ad7ed88fd65554a1251c1d910
Author: Justin M. Forbes <jforbes at redhat.com>
Date: Thu Apr 19 16:12:54 2012 -0500
CVE-2012-2119 macvtap: zerocopy: vector length is not validated before pinning user pages (rhbz 814278 814289)
kernel.spec | 18 ++++++++++++++----
mod-extra.list | 5 -----
2 files changed, 14 insertions(+), 9 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index eb7e7b6..df20b46 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -801,9 +801,11 @@ Patch22000: weird-root-dentry-name-debug.patch
#selinux ptrace child permissions
Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
-#rhbz 814149 814155
+#rhbz 814149 814155 CVE-2012-2121
Patch22006: KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
+#rhbz 814278 814289 CVE-2012-2119
+Patch22007: macvtap-zerocopy-validate-vector-length.patch
# END OF PATCH DEFINITIONS
@@ -1559,9 +1561,12 @@ ApplyPatch vgaarb-vga_default_device.patch
ApplyPatch x86-microcode-Fix-sysfs-warning-during-module-unload-on-unsupported-CPUs.patch
ApplyPatch x86-microcode-Ensure-that-module-is-only-loaded-for-supported-AMD-CPUs.patch
-#rhbz 814149 814155
+#rhbz 814149 814155 CVE-2012-2121
ApplyPatch KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
+#rhbz 814278 814289 CVE-2012-2119
+ApplyPatch macvtap-zerocopy-validate-vector-length.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -1854,7 +1859,7 @@ BuildKernel() {
for mod in `echo $depends | sed -e 's/,/ /g'`
do
match=`grep "^$mod.ko" mod-extra.list` ||:
- if [ -n "$match" ]
+ if [ -z "$match" ]
then
continue
else
@@ -2407,7 +2412,12 @@ fi
# '-'
%changelog
* Thu Apr 19 2012 Justin M. Forbes <jforbes at redhat.com>
-- Fix KVM device assignment page leak
+- CVE-2012-2119 macvtap: zerocopy: vector length is not validated before
+ pinning user pages (rhbz 814278 814289)
+- Back out dlm module move (rhbz 811547)
+
+* Thu Apr 19 2012 Justin M. Forbes <jforbes at redhat.com>
+- Fix KVM device assignment page leak (rhbz 814149 814155)
* Wed Apr 18 2012 Josh Boyer <jwboyer at redhat.com>
- Fix hfsplus bless ioctl with hardlinks (from Matthew Garrett)
diff --git a/mod-extra.list b/mod-extra.list
index e6c8496..f5a4f60 100644
--- a/mod-extra.list
+++ b/mod-extra.list
@@ -15,7 +15,6 @@ dccp_ipv4.ko
dccp_ipv6.ko
dccp.ko
dccp_probe.ko
-dlm.ko
sctp.ko
sctp_probe.ko
rds.ko
@@ -148,11 +147,7 @@ uio_pci_generic.ko
gfs2.ko
ocfs2.ko
ocfs2_dlm.ko
-ocfs2_dlmfs.ko
-ocfs2_nodemanager.ko
ocfs2_stackglue.ko
-ocfs2_stack_o2cb.ko
-ocfs2_stack_user.ko
cuse.ko
affs.ko
befs.ko
More information about the scm-commits
mailing list