diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2015-07-30 13:48:55 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-09-01 21:37:29 +0100 |
commit | b64eae5767dbea2d7d85a0a281e1a25efe91d157 (patch) | |
tree | 27d692069417ba0b04794475063d7d276242485f | |
parent | 0e6473ad750605352aabda3e9d3a17229ba2180d (diff) | |
download | poky-b64eae5767dbea2d7d85a0a281e1a25efe91d157.tar.gz |
bind9.9.5: CVE-2015-5477
Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272
(From OE-Core rev: 18a01db3f2430095a4e6966aed5afd738dbc112e)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch | 45 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 |
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch new file mode 100644 index 0000000000..896272a471 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch | |||
@@ -0,0 +1,45 @@ | |||
1 | From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Andrews <marka@isc.org> | ||
3 | Date: Tue, 14 Jul 2015 14:48:42 +1000 | ||
4 | Subject: [PATCH] 4165. [bug] An failure to reset a value to NULL | ||
5 | in tkey.c could result in an assertion failure. | ||
6 | (CVE-2015-5477) [RT #40046] | ||
7 | |||
8 | Upstream-Status: Backport | ||
9 | [CHANGES file has been edited manually to add CVE-2015-5477 and | ||
10 | an already applied CVE (CVE-2014-8500)]. | ||
11 | |||
12 | Referenc: https://kb.isc.org/article/AA-01272 | ||
13 | |||
14 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
15 | |||
16 | diff -ruN a/CHANGES b/CHANGES | ||
17 | --- a/CHANGES 2014-01-27 19:58:24.000000000 +0100 | ||
18 | +++ b/CHANGES 2015-07-30 11:03:18.871670769 +0200 | ||
19 | @@ -1,4 +1,15 @@ | ||
20 | --- 9.9.5 released --- | ||
21 | +4165. [security] An failure to reset a value to NULL in tkey.c could | ||
22 | + result in an assertion failure. (CVE-2015-5477) | ||
23 | + [RT #40046] | ||
24 | + | ||
25 | +4006. [security] A flaw in delegation handling could be exploited | ||
26 | + to put named into an infinite loop. This has | ||
27 | + been addressed by placing limits on the number | ||
28 | + of levels of recursion named will allow (default 7), | ||
29 | + and the number of iterative queries that it will | ||
30 | + send (default 50) before terminating a recursive | ||
31 | + query (CVE-2014-8500). | ||
32 | |||
33 | --- 9.9.5rc2 released --- | ||
34 | |||
35 | diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c | ||
36 | --- a/lib/dns/tkey.c 2014-01-27 19:58:24.000000000 +0100 | ||
37 | +++ b/lib/dns/tkey.c 2015-07-30 10:58:30.647945942 +0200 | ||
38 | @@ -650,6 +650,7 @@ | ||
39 | * Try the answer section, since that's where Win2000 | ||
40 | * puts it. | ||
41 | */ | ||
42 | + name = NULL; | ||
43 | if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname, | ||
44 | dns_rdatatype_tkey, 0, &name, | ||
45 | &tkeyset) != ISC_R_SUCCESS) { | ||
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb index 8e04f8a040..e206cc45d8 100644 --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb | |||
@@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ | |||
18 | file://bind9 \ | 18 | file://bind9 \ |
19 | file://init.d-add-support-for-read-only-rootfs.patch \ | 19 | file://init.d-add-support-for-read-only-rootfs.patch \ |
20 | file://bind9_9_5-CVE-2014-8500.patch \ | 20 | file://bind9_9_5-CVE-2014-8500.patch \ |
21 | file://bind9_9_5-CVE-2015-5477.patch \ | ||
21 | " | 22 | " |
22 | 23 | ||
23 | SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" | 24 | SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" |