diff options
| author | spz <spz@pkgsrc.org> | 2015-03-10 20:08:43 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2015-03-10 20:08:43 +0000 |
| commit | 6f8982a66939c4837bb16c0ea33b1fc4a932bffd (patch) | |
| tree | 7b0122992987167fe690961225ba5fc13510244f | |
| parent | 2c377e12a2b7488fd78ae479e9bcfeea87af3238 (diff) | |
| download | pkgsrc-6f8982a66939c4837bb16c0ea33b1fc4a932bffd.tar.gz | |
xsa123.patch from upstream:
x86emul: fully ignore segment override for register-only operations
For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.
This is CVE-2015-2151 / XSA-123.
| -rw-r--r-- | sysutils/xenkernel45/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel45/distinfo | 3 | ||||
| -rw-r--r-- | sysutils/xenkernel45/patches/patch-CVE-2015-2151 | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/sysutils/xenkernel45/Makefile b/sysutils/xenkernel45/Makefile index 12038ed4c32..ae19524dd18 100644 --- a/sysutils/xenkernel45/Makefile +++ b/sysutils/xenkernel45/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.4 2015/03/05 14:21:31 spz Exp $ +# $NetBSD: Makefile,v 1.5 2015/03/10 20:08:43 spz Exp $ VERSION= 4.5.0 DISTNAME= xen-${VERSION} PKGNAME= xenkernel45-${VERSION} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel45/distinfo b/sysutils/xenkernel45/distinfo index feecc1e8594..32fec4540df 100644 --- a/sysutils/xenkernel45/distinfo +++ b/sysutils/xenkernel45/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.3 2015/03/05 14:21:31 spz Exp $ +$NetBSD: distinfo,v 1.4 2015/03/10 20:08:43 spz Exp $ SHA1 (xen-4.5.0.tar.gz) = c4aab5fb366496ad1edc7fe0a935a0d604335637 RMD160 (xen-4.5.0.tar.gz) = e35ba0cb484492c1a289218eb9bf53b57dbd3a45 Size (xen-4.5.0.tar.gz) = 18404933 bytes SHA1 (patch-CVE-2015-2044) = 354fe44df0c3b464137f50e2b9de3930f3910c0d SHA1 (patch-CVE-2015-2045) = 98e3f8064b7c190b2ae69c7d4c8f71febf8fbf52 +SHA1 (patch-CVE-2015-2151) = 30344d233eade872fa7062493d754f8bccaf9d2a SHA1 (patch-Config.mk) = a2a104d023cea4e551a3ad40927d4884d6c610bf SHA1 (patch-xen_Makefile) = 750d0c8d4fea14d3ef3f872de5242a1f5104cbbe SHA1 (patch-xen_arch_x86_Rules.mk) = 7b0894ba7311edb02118a021671f304cf3872154 diff --git a/sysutils/xenkernel45/patches/patch-CVE-2015-2151 b/sysutils/xenkernel45/patches/patch-CVE-2015-2151 new file mode 100644 index 00000000000..d05116d3eda --- /dev/null +++ b/sysutils/xenkernel45/patches/patch-CVE-2015-2151 @@ -0,0 +1,20 @@ +$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:08:44 spz Exp $ + +xsa123.patch from upstream: +For ModRM encoded instructions with register operands we must not +overwrite ea.mem.seg (if a - bogus in that case - segment override was +present) as it aliases with ea.reg. + +This is CVE-2015-2151 / XSA-123. + +--- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2015-01-12 16:53:24.000000000 +0000 ++++ xen/arch/x86/x86_emulate/x86_emulate.c +@@ -1756,7 +1756,7 @@ x86_emulate( + } + } + +- if ( override_seg != -1 ) ++ if ( override_seg != -1 && ea.type == OP_MEM ) + ea.mem.seg = override_seg; + + /* Early operand adjustments. */ |