summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoy Li <rongqing.li@windriver.com>2015-06-05 13:23:28 +0800
committerArmin Kuster <akuster808@gmail.com>2015-07-19 16:42:14 -0700
commite3dbf786b143a0d09a9a339aa5f1a66afb6cf90e (patch)
treef55ad12a555c104f9c3c595b40fc1102a1f17ac8
parent0fb90bef8c72bd39574d06c943c7a7220483870b (diff)
downloadmeta-openembedded-e3dbf786b143a0d09a9a339aa5f1a66afb6cf90e.tar.gz
ipsec-tools: Security Advisory - CVE-2015-4047
This fixed the CVE-2015-4047: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047 Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Conflicts: meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch36
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb1
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
new file mode 100644
index 000000000..5286376ac
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
@@ -0,0 +1,36 @@
1[PATCH] fix CVE-2015-4047
2
3Upstream-Status: Backport
4
5http://www.openwall.com/lists/oss-security/2015/05/20/1
6
7racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
8a denial of service (NULL pointer dereference and IKE daemon crash) via
9a series of crafted UDP requests.
10
11https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
12
13Signed-off-by: Roy Li <rongqing.li@windriver.com>
14---
15 src/racoon/gssapi.c | 5 +++++
16 1 file changed, 5 insertions(+)
17
18diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
19index e64b201..1ad3b42 100644
20--- a/src/racoon/gssapi.c
21+++ b/src/racoon/gssapi.c
22@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
23 gss_name_t princ, canon_princ;
24 OM_uint32 maj_stat, min_stat;
25
26+ if (iph1->rmconf == NULL) {
27+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
28+ return -1;
29+ }
30+
31 gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
32 if (gps == NULL) {
33 plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
34--
351.9.1
36
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
index 8cc55ef8a..c526820aa 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -15,6 +15,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
15 file://racoon-check-invalid-ivm.patch \ 15 file://racoon-check-invalid-ivm.patch \
16 file://glibc-2.20.patch \ 16 file://glibc-2.20.patch \
17 file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \ 17 file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
18 file://fix-CVE-2015-4047.patch \
18 " 19 "
19SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41" 20SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
20SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d" 21SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"