[kernel/f18] CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
Josh Boyer
jwboyer at fedoraproject.org
Thu Mar 7 12:59:14 UTC 2013
commit 2926c94913f8ef1cbf3a6499bc71598b8716cadf
Author: Josh Boyer <jwboyer at redhat.com>
Date: Thu Mar 7 07:56:22 2013 -0500
CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
kernel.spec | 10 +++++++++-
...ace-with-concurrent-install_user_keyrings.patch | 15 +++++++++++++++
2 files changed, 24 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index a9a0b7f..ec8ad44 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 204
+%global baserelease 205
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -759,6 +759,9 @@ Patch22264: efi-fixes-3.8.patch
#rhbz 918512 918521
Patch22265: crypto-user-fix-info-leaks-in-report-API.patch
+# CVE-2013-1792 rhbz 916646,919021
+Patch22266: keys-fix-race-with-concurrent-install_user_keyrings.patch
+
#rhbz 812111
Patch24000: alps.patch
@@ -1483,6 +1486,8 @@ ApplyPatch userns-avoid-recursion-in-put_user_ns.patch
#rhbz 859346
ApplyPatch fix-destroy_conntrack-GPF.patch
+# CVE-2013-1792 rhbz 916646,919021
+ApplyPatch keys-fix-race-with-concurrent-install_user_keyrings.patch
# END OF PATCH APPLICATIONS
@@ -2341,6 +2346,9 @@ fi
# ||----w |
# || ||
%changelog
+* Thu Mar 07 2013 Josh Boyer <jwboyer at redhat.com>
+- CVE-2013-1792 keys: race condition in install_user_keyrings (rhbz 916646 919021)
+
* Wed Mar 06 2013 Justin M. Forbes <jforbes at redhat.com>
- Remove Ricoh multifunction DMAR patch as it's no longer needed (rhbz 880051)
- Fix destroy_conntrack GPF (rhbz 859346)
diff --git a/keys-fix-race-with-concurrent-install_user_keyrings.patch b/keys-fix-race-with-concurrent-install_user_keyrings.patch
new file mode 100644
index 0000000..ba7b30a
--- /dev/null
+++ b/keys-fix-race-with-concurrent-install_user_keyrings.patch
@@ -0,0 +1,15 @@
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index 58dfe08..c5ec083 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -57,7 +57,7 @@ int install_user_keyrings(void)
+
+ kenter("%p{%u}", user, uid);
+
+- if (user->uid_keyring) {
++ if (user->uid_keyring && user->session_keyring) {
+ kleave(" = 0 [exist]");
+ return 0;
+ }
+
+
\ No newline at end of file
More information about the scm-commits
mailing list