Mailinglist Archive: opensuse-commit (849 mails)
commit libcgroup1 for openSUSE:11.3
- From: root@xxxxxxxxxxxxxxx (h_root)
- Date: Fri, 04 Mar 2011 15:09:36 +0100
- Message-id: <20110304140936.2E53620234@hilbert.suse.de>
Hello community,
here is the log from the commit of package libcgroup1 for openSUSE:11.3
checked in at Fri Mar 4 15:09:36 CET 2011.
--------
--- old-versions/11.3/all/libcgroup1/libcgroup1.changes 2010-06-04
15:39:10.000000000 +0200
+++ 11.3/libcgroup1/libcgroup1.changes 2011-02-28 18:26:31.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Feb 28 18:25:33 CET 2011 - jslaby@xxxxxxx
+
+- verify the sender of netlink messages (bnc#675048, CVE-2011-1022)
+- fix buf overflow (bnc#675506, CVE-2011-1006)
+
+-------------------------------------------------------------------
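Review bot: the second changelog entry, "fix buf overflow", does not say where the overflow is. The patch subject further down describes it as the processing of the list of controllers from the command line, and naming that here (or the function, parse_cgroup_spec) would let someone reading only the .changes file judge exposure without opening the patch.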
Package does not exist at destination yet. Using Fallback
old-versions/11.3/all/libcgroup1
Destination is old-versions/11.3/UPDATES/all/libcgroup1
calling whatdependson for 11.3-i586
New:
----
cgrulesengd-deny-message-forging.patch
libcgroup-CVE-2011-1006.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcgroup1.spec ++++++
--- /var/tmp/diff_new_pack.aOX0in/_old 2011-03-04 15:08:46.000000000 +0100
+++ /var/tmp/diff_new_pack.aOX0in/_new 2011-03-04 15:08:46.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package libcgroup1 (Version 0.36.2)
+# spec file for package libcgroup1
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
Name: libcgroup1
Version: 0.36.2
-Release: 1
+Release: 2.<RELEASE2>
License: LGPLv2.1
Group: System/Management
AutoReqProv: on
@@ -31,6 +31,8 @@
Source2: initd_cgred
Source3: sysconfig.cgred
Source99: baselibs.conf
+Patch0: cgrulesengd-deny-message-forging.patch
+Patch1: libcgroup-CVE-2011-1006.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gcc-c++ pam-devel pkg-config
Requires: insserv pam
@@ -69,6 +71,8 @@
%prep
%setup -n libcgroup-%{version}.rc
+%patch0 -p1
+%patch1 -p1
%build
%configure --enable-pam-module-dir=/%{_lib}/security
++++++ cgrulesengd-deny-message-forging.patch ++++++
From 0a59ea5e0b2ce466bfd35c9e700094bf09a0310d Mon Sep 17 00:00:00 2001
From: Nelson Elhage <nelhage@xxxxxxxxxxx>
Date: Thu, 17 Feb 2011 20:55:12 -0500
Subject: cgrulesengd: Ignore netlink messages that don't come from the kernel.
References: bnc#675048, CVE-2011-1022
recvfrom() returns the address, it doesn't filter the packet based on the
sender. We need to explicitly check the received address after the call happens.
Signed-off-by: Nelson Elhage <nelhage@xxxxxxxxxxx>
Signed-off-by: Jan Safranek <jsafrane@xxxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
src/daemon/cgrulesengd.c | 11 ++++-------
1 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 10fd2cd..5a965fd 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -503,17 +503,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
struct sockaddr_nl from_nla;
socklen_t from_nla_len;
struct nlmsghdr *nlh;
- struct sockaddr_nl kern_nla;
struct cn_msg *cn_hdr;
- kern_nla.nl_family = AF_NETLINK;
- kern_nla.nl_groups = CN_IDX_PROC;
- kern_nla.nl_pid = 1;
- kern_nla.nl_pad = 0;
-
memset(buff, 0, sizeof(buff));
from_nla_len = sizeof(from_nla);
- memcpy(&from_nla, &kern_nla, sizeof(from_nla));
recv_len = recvfrom(sk_nl, buff, sizeof(buff), 0,
(struct sockaddr *)&from_nla, &from_nla_len);
if (recv_len == ENOBUFS) {
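Review bot: the context line `if (recv_len == ENOBUFS) {` directly after the recvfrom() call compares the return value with an errno constant. recvfrom() reports failure as -1 with the code in errno, so this branch only fires if exactly ENOBUFS bytes are received; it should read `recv_len < 0 && errno == ENOBUFS`. Separately, with the kern_nla setup and the memcpy gone, from_nla is now written only by recvfrom(), so nothing may read it before the `recv_len < 1` return in the next hunk; a short comment saying so would keep later edits from reintroducing a read of uninitialized data.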
@@ -523,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
if (recv_len < 1)
return 0;
+ if (from_nla.nl_groups != CN_IDX_PROC
+ || from_nla.nl_pid != 0)
+ return 0;
+
nlh = (struct nlmsghdr *)buff;
while (NLMSG_OK(nlh, recv_len)) {
cn_hdr = NLMSG_DATA(nlh);
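Review bot: the new sender check reads from_nla.nl_groups and from_nla.nl_pid without first confirming that recvfrom() filled in a complete netlink address. Since from_nla is no longer pre-initialized, add `from_nla_len != sizeof(from_nla)` and `from_nla.nl_family != AF_NETLINK` to the rejection condition so the two fields are never read from a short or foreign address. The condition also needs a one-line comment that nl_pid 0 identifies the kernel as sender, because the removed code used nl_pid = 1 and the difference is the whole point of the fix. Dropped messages return 0 silently; a debug-level log line with the rejected nl_pid would make forging attempts visible to whoever operates the daemon.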
--
1.7.4.1
++++++ libcgroup-CVE-2011-1006.patch ++++++
From 5ae8aea1ecd60c439121d3329d8eaabf13d292c1 Mon Sep 17 00:00:00 2001
From: Jan Safranek <jsafrane@xxxxxxxxxx>
Date: Tue, 1 Mar 2011 13:11:35 +0100
Subject: Fix buffer overflow when processing list of controllers from command
line (CVE-2011-1006).
Git-commit: 5ae8aea1ecd60c439121d3329d8eaabf13d292c1
Patch-mainline: yes
References: bnc#675506, CVE-2011-1006
Thanks to Nelson Elhage for reporting this issue.
Signed-off-by: Jan Safranek <jsafrane@xxxxxxxxxx>
Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
src/tools/tools-common.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/tools/tools-common.c b/src/tools/tools-common.c
index 4beffcd..7d633be 100644
--- a/src/tools/tools-common.c
+++ b/src/tools/tools-common.c
@@ -79,7 +79,7 @@ int parse_cgroup_spec(struct cgroup_group_spec **cdptr, char
*optarg,
}
}
j++;
- } while (temp);
+ } while (temp && j<CG_CONTROLLER_MAX-1);
/* Store path to the cgroup */
strncpy(cdptr[i]->path, pathptr, FILENAME_MAX);
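Review bot: the new bound in `} while (temp && j<CG_CONTROLLER_MAX-1);` ends the loop while temp is still non-NULL, so controllers past the limit are dropped without any error reaching the caller. The command then acts on a shorter controller list than the user typed; after the loop, test whether temp is still set and fail with a message instead of truncating. The bound also deserves a comment stating which array it protects and why the limit is CG_CONTROLLER_MAX-1 rather than CG_CONTROLLER_MAX, and spaces around the operators (`j < CG_CONTROLLER_MAX - 1`). The context line `strncpy(cdptr[i]->path, pathptr, FILENAME_MAX);` has a related problem: strncpy() leaves the destination unterminated when pathptr is FILENAME_MAX bytes or longer, so unless path is larger than FILENAME_MAX (its declaration is not shown here), terminate it explicitly.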
--
1.7.4.1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...