[Glibc-bsd-commits] r5766 - in trunk/kfreebsd-10/debian: . patches
stevenc-guest at alioth.debian.org
stevenc-guest at alioth.debian.org
Wed Aug 26 18:57:42 UTC 2015
Author: stevenc-guest
Date: 2015-08-26 18:57:42 +0000 (Wed, 26 Aug 2015)
New Revision: 5766
Added:
trunk/kfreebsd-10/debian/patches/SA-15_21.amd64.patch
Modified:
trunk/kfreebsd-10/debian/changelog
trunk/kfreebsd-10/debian/patches/series
Log:
Pick SVN r287146 from FreeBSD 10.1-RELEASE:
- SA-15:21: Fix local privilege escalation in IRET handler.
(CVE-2015-5675) (Closes: #796996)
Modified: trunk/kfreebsd-10/debian/changelog
===================================================================
--- trunk/kfreebsd-10/debian/changelog 2015-08-25 18:43:01 UTC (rev 5765)
+++ trunk/kfreebsd-10/debian/changelog 2015-08-26 18:57:42 UTC (rev 5766)
@@ -1,8 +1,13 @@
-kfreebsd-10 (10.1~svn274115-10) UNRELEASED; urgency=medium
+kfreebsd-10 (10.1~svn274115-10) UNRELEASED; urgency=high
[ Christoph Egger ]
* Make kfreebsd-source multi-arch foreign
+ [ Steven Chamberlain ]
+ * Pick SVN r287146 from FreeBSD 10.1-RELEASE:
+ - SA-15:21: Fix local privilege escalation in IRET handler.
+ (CVE-2015-5675) (Closes: #796996)
+
-- Steven Chamberlain <steven at pyro.eu.org> Sat, 22 Aug 2015 00:58:41 +0100
kfreebsd-10 (10.1~svn274115-9) unstable; urgency=medium
Added: trunk/kfreebsd-10/debian/patches/SA-15_21.amd64.patch
===================================================================
--- trunk/kfreebsd-10/debian/patches/SA-15_21.amd64.patch (rev 0)
+++ trunk/kfreebsd-10/debian/patches/SA-15_21.amd64.patch 2015-08-26 18:57:42 UTC (rev 5766)
@@ -0,0 +1,56 @@
+Description:
+ Fix local privilege escalation in IRET handler. [SA-15:21]
+ (CVE-2015-5675)
+Origin: vendor, https://security.FreeBSD.org/patches/SA-15:21/amd64.patch
+Bug: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc
+Bug-Debian: https://bugs.debian.org/796996
+Applied-Upstream: https://svnweb.freebsd.org/base?view=revision&revision=287146
+
+--- a/sys/amd64/amd64/exception.S
++++ b/sys/amd64/amd64/exception.S
+@@ -154,9 +154,13 @@
+ IDTVEC(tss)
+ TRAP_ERR(T_TSSFLT)
+ IDTVEC(missing)
+- TRAP_ERR(T_SEGNPFLT)
++ subq $TF_ERR,%rsp
++ movl $T_SEGNPFLT,TF_TRAPNO(%rsp)
++ jmp prot_addrf
+ IDTVEC(stk)
+- TRAP_ERR(T_STKFLT)
++ subq $TF_ERR,%rsp
++ movl $T_STKFLT,TF_TRAPNO(%rsp)
++ jmp prot_addrf
+ IDTVEC(align)
+ TRAP_ERR(T_ALIGNFLT)
+
+@@ -319,6 +323,7 @@
+ IDTVEC(prot)
+ subq $TF_ERR,%rsp
+ movl $T_PROTFLT,TF_TRAPNO(%rsp)
++prot_addrf:
+ movq $0,TF_ADDR(%rsp)
+ movq %rdi,TF_RDI(%rsp) /* free up a GP register */
+ leaq doreti_iret(%rip),%rdi
+--- a/sys/amd64/amd64/machdep.c
++++ b/sys/amd64/amd64/machdep.c
+@@ -433,6 +433,7 @@
+ regs->tf_rflags &= ~(PSL_T | PSL_D);
+ regs->tf_cs = _ucodesel;
+ regs->tf_ds = _udatasel;
++ regs->tf_ss = _udatasel;
+ regs->tf_es = _udatasel;
+ regs->tf_fs = _ufssel;
+ regs->tf_gs = _ugssel;
+--- a/sys/amd64/amd64/trap.c
++++ b/sys/amd64/amd64/trap.c
+@@ -457,8 +457,6 @@
+ goto out;
+
+ case T_STKFLT: /* stack fault */
+- break;
+-
+ case T_PROTFLT: /* general protection fault */
+ case T_SEGNPFLT: /* segment not present fault */
+ if (td->td_intr_nesting_level != 0)
+
Modified: trunk/kfreebsd-10/debian/patches/series
===================================================================
--- trunk/kfreebsd-10/debian/patches/series 2015-08-25 18:43:01 UTC (rev 5765)
+++ trunk/kfreebsd-10/debian/patches/series 2015-08-26 18:57:42 UTC (rev 5766)
@@ -47,3 +47,4 @@
SA-15_13.tcp.patch
SA-15_15.tcp.patch
EN-15_07.zfs.patch
+SA-15_21.amd64.patch
More information about the Glibc-bsd-commits
mailing list