summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-daemons
diff options
context:
space:
mode:
authorCatalin Enache <catalin.enache@windriver.com>2016-04-20 18:59:16 +0300
committerJoe MacDonald <joe_macdonald@mentor.com>2016-05-05 11:41:29 -0400
commitf79a851b64ead15476d60012ff657c2329b00220 (patch)
treeba5ee005995ed7007eada8743c5eaaef17e1c682 /meta-networking/recipes-daemons
parent275b6c30fbe4f2e6d8c607e9f2eedd5c230c0802 (diff)
downloadmeta-openembedded-f79a851b64ead15476d60012ff657c2329b00220.tar.gz
squid: CVE-2016-3947
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'meta-networking/recipes-daemons')
-rw-r--r--meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch48
-rw-r--r--meta-networking/recipes-daemons/squid/squid_3.5.7.bb1
2 files changed, 49 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch
new file mode 100644
index 000000000..c83e6ab51
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch
@@ -0,0 +1,48 @@
1From 0fe108ecb2bbdf684f159950eaa55d22f07c4008 Mon Sep 17 00:00:00 2001
2From: Catalin Enache <catalin.enache@windriver.com>
3Date: Wed, 20 Apr 2016 15:17:18 +0300
4Subject: [PATCH] pinger: Fix buffer overflow in Icmp6::Recv
5
6Upstream-Status: Backport
7CVE: CVE-2016-3947
8
9Author: Yuriy M. Kaminskiy <yumkam@gmail.com>
10Committer: Amos Jeffries <squid3@treenet.co.nz
11Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
12---
13 src/icmp/Icmp6.cc | 5 ++---
14 1 file changed, 2 insertions(+), 3 deletions(-)
15
16diff --git a/src/icmp/Icmp6.cc b/src/icmp/Icmp6.cc
17index 794a51a..ee84b80 100644
18--- a/src/icmp/Icmp6.cc
19+++ b/src/icmp/Icmp6.cc
20@@ -256,7 +256,7 @@ Icmp6::Recv(void)
21 #define ip6_hops // HOPS!!! (can it be true??)
22
23 ip = (struct ip6_hdr *) pkt;
24- pkt += sizeof(ip6_hdr);
25+ NP: echo size needs to +sizeof(ip6_hdr);
26
27 debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
28 ", ip6_plen=" << ip->ip6_plen <<
29@@ -267,7 +267,6 @@ Icmp6::Recv(void)
30 */
31
32 icmp6header = (struct icmp6_hdr *) pkt;
33- pkt += sizeof(icmp6_hdr);
34
35 if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
36
37@@ -292,7 +291,7 @@ Icmp6::Recv(void)
38 return;
39 }
40
41- echo = (icmpEchoData *) pkt;
42+ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
43
44 preply.opcode = echo->opcode;
45
46--
472.7.4
48
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
index c3eabcdb3..750484a7b 100644
--- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
+++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
19 file://squid-use-serial-tests-config-needed-by-ptest.patch \ 19 file://squid-use-serial-tests-config-needed-by-ptest.patch \
20 file://run-ptest \ 20 file://run-ptest \
21 file://volatiles.03_squid \ 21 file://volatiles.03_squid \
22 file://CVE-2016-3947.patch \
22" 23"
23 24
24LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ 25LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-17 18:26:03 +0000