diff -u virtualbox-ose-3.1.6-dfsg/debian/changelog virtualbox-ose-3.1.6-dfsg/debian/changelog
--- virtualbox-ose-3.1.6-dfsg/debian/changelog
+++ virtualbox-ose-3.1.6-dfsg/debian/changelog
@@ -1,3 +1,12 @@
+virtualbox-ose (3.1.6-dfsg-2ubuntu2.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE: Missing privilege check for task gate switches
+ (LP: #1044634)
+ - debian/patches/cve-2012-3221.dpatch: patch from upstream
+ - CVE-2012-3221
+
+ -- Felix Geyer Fri, 26 Oct 2012 14:38:37 +0200
+
 virtualbox-ose (3.1.6-dfsg-2ubuntu2) lucid; urgency=low

 * Disable Launchpad integration for the stable release.
diff -u virtualbox-ose-3.1.6-dfsg/debian/patches/00list virtualbox-ose-3.1.6-dfsg/debian/patches/00list
--- virtualbox-ose-3.1.6-dfsg/debian/patches/00list
+++ virtualbox-ose-3.1.6-dfsg/debian/patches/00list
@@ -14,0 +15 @@
+cve-2012-3221.dpatch
only in patch2: unchanged:
--- virtualbox-ose-3.1.6-dfsg.orig/debian/patches/cve-2012-3221.dpatch
+++ virtualbox-ose-3.1.6-dfsg/debian/patches/cve-2012-3221.dpatch
@@ -0,0 +1,23 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# Description: recompiler: Missing privilege check for task gate switches
+# Fixes kernel panic when invoking the double fault handler from user space
+# on Linux and maybe other guests
+# Origin: upstream, https://www.virtualbox.org/changeset/43068/vbox
+
+@DPATCH@
+--- virtualbox-4.1.18-dfsg.orig/src/recompiler/target-i386/op_helper.c 2012-06-20 09:20:29.000000000 -0400
++++ virtualbox-4.1.18-dfsg/src/recompiler/target-i386/op_helper.c 2012-10-18 16:39:20.647324489 -0400
+@@ -872,6 +872,13 @@
+ type = (e2 >> DESC_TYPE_SHIFT) & 0x1f;
+ switch(type) {
+ case 5: /* task gate */
++#ifdef VBOX
++ dpl = (e2 >> DESC_DPL_SHIFT) & 3;
++ cpl = env->hflags & HF_CPL_MASK;
++ /* check privilege if software int */
++ if (is_int && dpl < cpl)
++ raise_exception_err(EXCP0D_GPF, intno * 8 + 2);
++#endif
+ /* must do that check here to return the correct error code */
+ if (!(e2 & DESC_P_MASK))
+ raise_exception_err(EXCP0B_NOSEG, intno * 8 + 2);
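Review bot: The embedded op_helper.c patch still carries `virtualbox-4.1.18-dfsg` paths and a `@@ -872,6 +872,13 @@` offset, while this dpatch is being added to the 3.1.6-dfsg package, so it presumably applies only with an offset or fuzz. Because this hunk is the whole of the security fix, confirm in the build log that it landed in the `case 5: /* task gate */` branch, and refresh the patch against the 3.1.6 tree so it applies cleanly. The enclosing function starts and ends outside the hunk, so the reason the DPL check is needed here cannot be read from it; the comment could say so, e.g. `/* software int through a task gate: check DPL before the present check (presumably the common check is not reached for this case) */`. The dpatch header could also record the tracking ids already in the changelog, e.g. `# Bug-Ubuntu: https://launchpad.net/bugs/1044634` and a line naming CVE-2012-3221.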