author | Armin Kuster <akuster@mvista.com> | 2015-09-07 16:21:43 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-09-18 19:22:24 +0100 |
commit | ab7f4c1a6d41b80d4e0c0c5ca3d6c94acd82ae1b (patch) | |
tree | c544f235ca00778c2af7e3bf73775e8c4e410b0d /meta/recipes-connectivity/bind/bind/CVE-2015-1349.patch | |
parent | 78b2eaa5163d61e051e0511a6223c344d1b1c2eb (diff) | |
download | poky-ab7f4c1a6d41b80d4e0c0c5ca3d6c94acd82ae1b.tar.gz |
bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722
three security fixes.
(From OE-Core rev: 16e80afe187c173e00b734c757a05157855ed504)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2015-1349.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-1349.patch | 60 |
1 files changed, 60 insertions, 0 deletions
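--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-1349.patch
@@ -0,0 +1,60 @@
+CVE-2015-1349 bind: issue in trust anchor management can cause named to crash
+
+commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892
+Author: Evan Hunt <each@isc.org>
+Date: Tue Feb 3 18:30:38 2015 -0800
+
+[v9_9_6_patch] avoid crash due to managed-key rollover
+
+4053. [security] Revoking a managed trust anchor and supplying
+an untrusted replacement could cause named
+to crash with an assertion failure.
+(CVE-2015-1349) [RT #38344]
+
+Upstream Status: Backport from Redhat
+
+https://bugzilla.redhat.com/attachment.cgi?id=993045
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: bind-9.9.5/CHANGES
+===================================================================
+--- bind-9.9.5.orig/CHANGES
++++ bind-9.9.5/CHANGES
+@@ -1,3 +1,10 @@
++ --- 9.9.6-P2 released ---
++
++4053. [security] Revoking a managed trust anchor and supplying
++ an untrusted replacement could cause named
++ to crash with an assertion failure.
++ (CVE-2015-1349) [RT #38344]
++
+--- 9.9.5 released ---
+
+--- 9.9.5rc2 released ---
+Index: bind-9.9.5/lib/dns/zone.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/zone.c
++++ bind-9.9.5/lib/dns/zone.c
+@@ -8496,6 +8496,12 @@ keyfetch_done(isc_task_t *task, isc_even
+namebuf, tag);
+trustkey = ISC_TRUE;
+}
++ } else {
++ /*
++ * No previously known key, and the key is not
++ * secure, so skip it.
++ */
++ continue;
+}
+
+/* Delete old version */
+@@ -8544,7 +8550,7 @@ keyfetch_done(isc_task_t *task, isc_even
+trust_key(zone, keyname, &dnskey, mctx);
+}
+
+- if (!deletekey)
++ if (secure && !deletekey)
+set_refreshkeytimer(zone, &keydata, now);
+}
+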
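Review bot: The patch header spells its provenance tag `Upstream Status: Backport from Redhat`, whereas the OE-Core convention is the hyphenated `Upstream-Status:` form, so tooling that scans patch headers for the tag will likely miss it. I would write `Upstream-Status: Backport [ISC commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892, taken from the Red Hat bugzilla attachment]` so the fix can be traced to the upstream commit and not only to a bugzilla attachment id. The CHANGES hunk adds a `--- 9.9.6-P2 released ---` entry to a 9.9.5 tree and anchors at `@@ -1,3`. The other CVE patches named in the commit title are not shown here, but if they also touch the top of CHANGES they will depend on apply order, so dropping that hunk and keeping only the zone.c change would be more robust. The two zone.c hunks sit inside `keyfetch_done`, whose loop body lies outside the patch context. It is worth confirming that the new `continue` and the `secure && !deletekey` guard apply to the 9.9.5 source without fuzz, since the upstream commit was written for the v9_9_6_patch branch.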