Commit e7dbf7f2 authored by Bastian Blank's avatar Bastian Blank 🙉

* debian/changelog: Update.

* debian/patches/bugfix/don-t-leak-nt-bit-into-next-task-xen.patch:
  Adopt to Xen changes.
* debian/patches/series/13etch4-extra: Update.

svn path=/dists/etch-security/linux-2.6/; revision=9594
parent bba5874d
......@@ -2,10 +2,13 @@ linux-2.6 (2.6.18.dfsg.1-13etch4) UNRELEASED; urgency=low
* bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
[SECURITY] Zero extend all registers after ptrace in 32-bit entry path
in the Xen kernels.
(Xen).
See CVE-2007-4573
* bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
[SECURITY] Don't leak NT bit into next task (Xen).
See CVE-2006-5755
-- Bastian Blank <waldi@debian.org> Tue, 02 Oct 2007 10:44:28 +0200
-- Bastian Blank <waldi@debian.org> Tue, 02 Oct 2007 11:09:12 +0200
linux-2.6 (2.6.18.dfsg.1-13etch3) stable-security; urgency=high
......
--- linux-2.6.18.6.orig/arch/x86_64/kernel/entry-xen.S
+++ linux-2.6.18.6/arch/x86_64/kernel/entry-xen.S
@@ -146,6 +146,10 @@
/* rdi: prev */
ENTRY(ret_from_fork)
CFI_DEFAULT_STACK
+ push kernel_eflags(%rip)
+ CFI_ADJUST_CFA_OFFSET 4
+ popf # reset kernel eflags
+ CFI_ADJUST_CFA_OFFSET -4
call schedule_tail
GET_THREAD_INFO(%rcx)
testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT),threadinfo_flags(%rcx)
--- linux-2.6.18.6.orig/arch/x86_64/kernel/setup64-xen.c
+++ linux-2.6.18.6/arch/x86_64/kernel/setup64-xen.c
@@ -178,6 +178,8 @@ void __cpuinit check_efer(void)
}
}
+unsigned long kernel_eflags;
+
/*
* cpu_init() initializes state that is per-CPU. Some data is already
* initialized (naturally) in the bootstrap process, such as the GDT
@@ -290,4 +292,6 @@ void __cpuinit cpu_init (void)
set_debugreg(0UL, 7);
fpu_init();
+
+ raw_local_save_flags(kernel_eflags);
}
+ bugfix/amd64-zero-extend-32bit-ptrace-xen.patch *_xen *_xen-vserver
+ bugfix/don-t-leak-nt-bit-into-next-task-xen.patch *_xen *_xen-vserver
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment