diff options
author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2008-09-03 19:09:47 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2008-09-03 19:09:47 +0000 |
commit | b0d92bd216ca75ad5d4f42ba400bf7b8a246e29f (patch) | |
tree | df186ebc41afa0912b65d4849359e3a7f9db1c4c | |
parent | 8c5bc4cffdbd632621dc11ca13d7e83af9349a04 (diff) | |
download | src-b0d92bd216ca75ad5d4f42ba400bf7b8a246e29f.tar.gz src-b0d92bd216ca75ad5d4f42ba400bf7b8a246e29f.zip |
- Fix amd64 local privilege escalation. [08:07]
- Fix nmount(2) local privilege escalation. [08:08]
- Fix IPv6 remote kernel panics. [08:09]
Fix for [08:07] is merge of r181823.
Submitted by: kib [08:07], csjp [08:08], bz [08:09]
Reviewed by: peter [08:07], jhb [08:07]
Reviewed by: jinmei [08:09], rwatson [08:09]
Approved by: re (SA blanket)
Approved by: so (simon)
Security: FreeBSD-SA-08:07.amd64
Security: FreeBSD-SA-08:08.nmount
Security: FreeBSD-SA-08:09.icmp6
Notes
Notes:
svn path=/releng/6.3/; revision=182740
-rw-r--r-- | UPDATING | 6 | ||||
-rw-r--r-- | sys/amd64/amd64/exception.S | 9 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/netinet6/icmp6.c | 9 |
4 files changed, 19 insertions, 7 deletions
@@ -8,6 +8,12 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20080903: p4 FreeBSD-SA-08:07.amd64, FreeBSD-SA-08:08.nmount, + FreeBSD-SA-08:09.icmp6 + Fix amd64 local privilege escalation. [08:07] + Fix nmount(2) local privilege escalation. [08:08] + Fix IPv6 remote kernel panics. [08:09] + 20080713: p3 FreeBSD-SA-08:06.bind Improve randomization in BIND to prevent response spoofing. diff --git a/sys/amd64/amd64/exception.S b/sys/amd64/amd64/exception.S index 96089734a16a..d4ed3ed3594d 100644 --- a/sys/amd64/amd64/exception.S +++ b/sys/amd64/amd64/exception.S @@ -526,13 +526,10 @@ doreti_iret: .globl doreti_iret_fault doreti_iret_fault: subq $TF_RIP,%rsp /* space including tf_err, tf_trapno */ - testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ - jz 1f /* already running with kernel GS.base */ - swapgs -1: testl $PSL_I,TF_RFLAGS(%rsp) - jz 2f + testl $PSL_I,TF_RFLAGS(%rsp) + jz 1f sti -2: movq %rdi,TF_RDI(%rsp) +1: movq %rdi,TF_RDI(%rsp) movq %rsi,TF_RSI(%rsp) movq %rdx,TF_RDX(%rsp) movq %rcx,TF_RCX(%rsp) diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 74e9d9e12596..4ca64ed25828 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="6.3" -BRANCH="RELEASE-p3" +BRANCH="RELEASE-p4" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 34de6eebf74e..edbea4f97320 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1133,6 +1133,15 @@ icmp6_mtudisc_update(ip6cp, validated) if (!validated) return; + /* + * In case the suggested mtu is less than IPV6_MMTU, we + * only need to remember that it was for above mentioned + * "alwaysfrag" case. + * Try to be as close to the spec as possible. + */ + if (mtu < IPV6_MMTU) + mtu = IPV6_MMTU - 8; + bzero(&inc, sizeof(inc)); inc.inc_flags = 1; /* IPv6 */ inc.inc6_faddr = *dst; |