diff options
| author | spz <spz@pkgsrc.org> | 2015-03-10 20:27:16 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2015-03-10 20:27:16 +0000 |
| commit | c1f80a5974ab061dbe64a59fc30f92073ace8a27 (patch) | |
| tree | 1003a3808cd6c682050c3e3c0914459296441e55 /sysutils | |
| parent | 6f8982a66939c4837bb16c0ea33b1fc4a932bffd (diff) | |
| download | pkgsrc-c1f80a5974ab061dbe64a59fc30f92073ace8a27.tar.gz | |
xsa123-4.3-4.2.patch from upstream:
x86emul: fully ignore segment override for register-only operations
For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.
This is CVE-2015-2151 / XSA-123.
Diffstat (limited to 'sysutils')
| -rw-r--r-- | sysutils/xenkernel41/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/xenkernel41/distinfo | 3 | ||||
| -rw-r--r-- | sysutils/xenkernel41/patches/patch-CVE-2015-2151 | 22 |
3 files changed, 26 insertions, 3 deletions
diff --git a/sysutils/xenkernel41/Makefile b/sysutils/xenkernel41/Makefile index 13b4b2fcaf2..6fdbef578bb 100644 --- a/sysutils/xenkernel41/Makefile +++ b/sysutils/xenkernel41/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.43 2015/03/05 16:37:16 spz Exp $ +# $NetBSD: Makefile,v 1.44 2015/03/10 20:27:16 spz Exp $ VERSION= 4.1.6.1 DISTNAME= xen-${VERSION} PKGNAME= xenkernel41-${VERSION} -PKGREVISION= 14 +PKGREVISION= 15 CATEGORIES= sysutils MASTER_SITES= http://bits.xensource.com/oss-xen/release/${VERSION}/ diff --git a/sysutils/xenkernel41/distinfo b/sysutils/xenkernel41/distinfo index 67208d9c4ae..84ecb8b595c 100644 --- a/sysutils/xenkernel41/distinfo +++ b/sysutils/xenkernel41/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.34 2015/03/05 16:37:16 spz Exp $ +$NetBSD: distinfo,v 1.35 2015/03/10 20:27:16 spz Exp $ SHA1 (xen-4.1.6.1.tar.gz) = e5f15feb0821578817a65ede16110c6eac01abd0 RMD160 (xen-4.1.6.1.tar.gz) = bff11421fc44a26f2cc3156713267abcb36d7a19 @@ -27,6 +27,7 @@ SHA1 (patch-CVE-2014-8867) = 576433746660f62b753088a66c5315a1a2ff8f76 SHA1 (patch-CVE-2014-9030) = f52c302585b0f4b074f7562e6b8cddacb26deee4 SHA1 (patch-CVE-2015-2044) = 00d32273d0a9f51927ff94a13f916382c3126e60 SHA1 (patch-CVE-2015-2045) = e1874bbde0cce7db4ee9260440f5280d404027d7 +SHA1 (patch-CVE-2015-2151) = aed92f50d162febc3074f7edecaf6ca418d0b42c SHA1 (patch-Config.mk) = a43ed1b3304d6383dc093acd128a7f373d0ca266 SHA1 (patch-xen_Makefile) = d1c7e4860221f93d90818f45a77748882486f92b SHA1 (patch-xen_arch_x86_Rules.mk) = 6b9b4bfa28924f7d3f6c793a389f1a7ac9d228e2 diff --git a/sysutils/xenkernel41/patches/patch-CVE-2015-2151 b/sysutils/xenkernel41/patches/patch-CVE-2015-2151 new file mode 100644 index 00000000000..9334467e331 --- /dev/null +++ b/sysutils/xenkernel41/patches/patch-CVE-2015-2151 @@ -0,0 +1,22 @@ +$NetBSD: patch-CVE-2015-2151,v 1.1 2015/03/10 20:27:16 spz Exp $ + +xsa123-4.3-4.2.patch from upstream: +x86emul: fully ignore segment override for register-only operations + +For ModRM encoded instructions with register operands we must not +overwrite ea.mem.seg (if a - bogus in that case - segment override was +present) as it aliases with ea.reg. + +This is CVE-2015-2151 / XSA-123. + +--- xen/arch/x86/x86_emulate/x86_emulate.c.orig 2015-03-10 20:10:23.000000000 +0000 ++++ xen/arch/x86/x86_emulate/x86_emulate.c +@@ -1462,7 +1462,7 @@ x86_emulate( + } + } + +- if ( override_seg != -1 ) ++ if ( override_seg != -1 && ea.type == OP_MEM ) + ea.mem.seg = override_seg; + + /* Decode and fetch the source operand: register, memory or immediate. */ |