Hello community,
here is the log from the commit of package libcgroup1 for openSUSE:11.2
checked in at Fri Mar 4 15:08:26 CET 2011.
--------
--- old-versions/11.2/all/libcgroup1/libcgroup1.changes 2009-08-18 13:41:04.000000000 +0200
+++ 11.2/libcgroup1/libcgroup1.changes 2011-02-28 18:28:24.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Feb 28 18:27:44 CET 2011 - jslaby@suse.de
+
+- verify the sender of netlink messages (bnc#675048, CVE-2011-1022)
+- fix buf overflow (bnc#675506, CVE-2011-1006)
+
+-------------------------------------------------------------------
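Review bot: the second changelog entry, "fix buf overflow", does not say which component or input the overflow is in, so an admin cannot judge exposure from the changelog alone. The first entry at least names netlink messages; the same level of detail here (the affected tool or function) would help, next to the bnc and CVE references that are already present.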
Package does not exist at destination yet. Using Fallback old-versions/11.2/all/libcgroup1
Destination is old-versions/11.2/UPDATES/all/libcgroup1
calling whatdependson for 11.2-i586
New:
----
cgrulesengd-deny-message-forging.patch
libcgroup-CVE-2011-1006.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcgroup1.spec ++++++
--- /var/tmp/diff_new_pack.5OvRbh/_old 2011-03-04 15:08:15.000000000 +0100
+++ /var/tmp/diff_new_pack.5OvRbh/_new 2011-03-04 15:08:15.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package libcgroup1 (Version 0.34)
+# spec file for package libcgroup1
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,8 +20,8 @@
Name: libcgroup1
Version: 0.34
-Release: 2
-License: LGPL v2.1 only
+Release: 3.<RELEASE3>
+License: LGPLv2.1
Group: System/Management
AutoReqProv: on
Summary: Control groups management tools
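Review bot: the License line loses the word "only" when it goes from "LGPL v2.1 only" to "LGPLv2.1", which reads as a licensing change rather than a tag reformat. If it is only a normalisation of the tag, say so in the changelog, which currently lists just the two security fixes; unrelated edits in a security update make it harder to audit.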
@@ -33,6 +33,8 @@
Patch0: libcgroup-sigaction.patch
Patch1: libcgroup-pamlibdir.patch
Patch2: libcgroup-remove-suid.patch
+Patch3: cgrulesengd-deny-message-forging.patch
+Patch4: libcgroup-CVE-2011-1006.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gcc-c++ pam-devel
Requires: insserv pam
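Review bot: Patch3 and Patch4 are declared here, but none of the visible spec hunks shows matching %patch3 and %patch4 lines in %prep. Please confirm both are applied, since a declared but unapplied patch would ship the package without the CVE-2011-1022 and CVE-2011-1006 fixes. Minor: one file is named after the behaviour and the other after the CVE; a single naming scheme makes the fixes easier to find.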
@@ -51,7 +53,7 @@
Dhaval Giani
From 0a59ea5e0b2ce466bfd35c9e700094bf09a0310d Mon Sep 17 00:00:00 2001
From: Nelson Elhage
Date: Thu, 17 Feb 2011 20:55:12 -0500
Subject: cgrulesengd: Ignore netlink messages that don't come from the kernel.
References: bnc#675048, CVE-2011-1022

recvfrom() returns the address, it doesn't filter the packet based on the
sender. We need to explicitly check the received address after the call happens.
Signed-off-by: Nelson Elhage
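
The check the commit message describes, written out as an added example; it is not the contents of cgrulesengd-deny-message-forging.patch or any libcgroup code. The helper names and the NL_DROPPED return code are hypothetical, and the example relies on the netlink convention that the kernel's port id (nl_pid) is 0.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Hypothetical helper: returns 1 only if the address that recvfrom()
 * filled in is a complete AF_NETLINK address with port id 0 (the kernel). */
static int sender_is_kernel(const struct sockaddr_nl *from, socklen_t from_len)
{
    if (from_len != sizeof(*from))
        return 0;               /* missing or truncated sender address */
    if (from->nl_family != AF_NETLINK)
        return 0;               /* not a netlink sender at all */
    return from->nl_pid == 0;   /* userspace senders carry a non-zero port id */
}

#define NL_DROPPED (-2)         /* constructed return code for this example */

/* Receive one datagram and hand it to the caller only if the kernel sent it.
 * Returns the byte count, -1 on recvfrom() error, or NL_DROPPED. */
static ssize_t recv_from_kernel(int fd, void *buf, size_t len)
{
    struct sockaddr_nl from;
    socklen_t from_len = sizeof(from);
    ssize_t n;

    memset(&from, 0, sizeof(from));
    n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &from_len);
    if (n < 0)
        return -1;              /* errno is set by recvfrom() */

    /* recvfrom() only reports the sender; the filtering has to be done
     * here, after the call has returned. */
    if (!sender_is_kernel(&from, from_len))
        return NL_DROPPED;
    return n;
}
```

A caller would treat NL_DROPPED as "ignore and keep reading", so a message from another process never reaches the message parser.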