authorSona Sarmadi <sona.sarmadi@enea.com>2015-08-04 12:36:55 +0200
committerSona Sarmadi <sona.sarmadi@enea.com>2015-08-04 12:36:55 +0200
commit856bb19cc85a075854f04eb24f280f22144d3d5a (patch)
tree24ca899d8299c00b155854a42201ee20cb8bb646
parent38657774707334618c35772a9acb7492742a28f6 (diff)
downloadpoky-856bb19cc85a075854f04eb24f280f22144d3d5a.tar.gz
bind9.9.5: CVE-2015-5477
Fixes a flaw in the way BIND handled requests for TKEY DNS resource records. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477 https://kb.isc.org/article/AA-01272 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r--meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch45
-rw-r--r--meta/recipes-connectivity/bind/bind_9.9.5.bb1
2 files changed, 46 insertions, 0 deletions
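--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
@@ -0,0 +1,45 @@
+From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 14 Jul 2015 14:48:42 +1000
+Subject: [PATCH] 4165. [bug] An failure to reset a value to NULL
+ in tkey.c could result in an assertion failure.
+ (CVE-2015-5477) [RT #40046]
+
+Upstream-Status: Backport
+[CHANGES file has been edited manually to add CVE-2015-5477 and
+an already applied CVE (CVE-2014-8500)].
+
+Referenc: https://kb.isc.org/article/AA-01272
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES 2014-01-27 19:58:24.000000000 +0100
++++ b/CHANGES 2015-07-30 11:03:18.871670769 +0200
+@@ -1,4 +1,15 @@
+ --- 9.9.5 released ---
++4165. [security] An failure to reset a value to NULL in tkey.c could
++ result in an assertion failure. (CVE-2015-5477)
++ [RT #40046]
++
++4006. [security] A flaw in delegation handling could be exploited
++ to put named into an infinite loop. This has
++ been addressed by placing limits on the number
++ of levels of recursion named will allow (default 7),
++ and the number of iterative queries that it will
++ send (default 50) before terminating a recursive
++ query (CVE-2014-8500).
+
+ --- 9.9.5rc2 released ---
+
+diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
+--- a/lib/dns/tkey.c 2014-01-27 19:58:24.000000000 +0100
++++ b/lib/dns/tkey.c 2015-07-30 10:58:30.647945942 +0200
+@@ -650,6 +650,7 @@
+ * Try the answer section, since that's where Win2000
+ * puts it.
+ */
++ name = NULL;
+ if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+ dns_rdatatype_tkey, 0, &name,
+ &tkeyset) != ISC_R_SUCCESS) {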
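Review bot: The hand-edited CHANGES hunk adds entry 4006 for CVE-2014-8500 alongside 4165, so this backport no longer matches the upstream commit and now depends on the exact state of CHANGES left by the other patch. Dropping the CHANGES hunk would reduce the file to the one-line `name = NULL;` fix in lib/dns/tkey.c, which is easier to audit and less likely to stop applying. The header also never says why that reset matters; going by the subject line, an earlier lookup outside the hunk can leave `name` set before the `dns_message_findname()` call shown, so a sentence such as `name must be NULL again before the answer-section lookup, otherwise named aborts on an assertion` would help whoever rebases this. The tag `Referenc:` should read `Reference:`. The enclosing function starts and ends outside the tkey.c hunk.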
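--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -14,6 +14,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
  file://mips1-not-support-opcode.diff \
  file://dont-test-on-host.patch \
  file://bind9_9_5-CVE-2014-8500.patch \
+ file://bind9_9_5-CVE-2015-5477.patch \
  "
 
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"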