diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-04-08 10:21:05 +0200 |
|---|---|---|
| committer | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-04-08 12:32:13 +0200 |
| commit | 3f66cbfdff13798a6893abb7a43d45abc7004a49 (patch) | |
| tree | 564c0c8c779df88482ca94398ac23de08c1ef918 /meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch | |
| parent | c916152b1fa7806a32f1e9b35d89fae9d29894d0 (diff) | |
| download | poky-3f66cbfdff13798a6893abb7a43d45abc7004a49.tar.gz | |
bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722
CVE-2015-1349:
https://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A-
A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html
CVE-2015-4620
https://kb.isc.org/article/AA-01267/0/CVE-2015-4620%3A-
Specially-Constructed-Zone-Data-Can-Cause-a-Resolver-to-Crash-when-Validating.html
CVE-2015-5722
https://kb.isc.org/article/AA-01287/0/CVE-2015-5722%3A-
Parsing-malformed-keys-may-cause-BIND-to-exit-due-to-a-failed-assertion-in-buffer.c.html
(From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8)
Reference:
https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch')
| -rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch new file mode 100644 index 0000000000..1a5051e638 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-4620.patch | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned() | ||
| 2 | |||
| 3 | issue introduced by git commit | ||
| 4 | |||
| 5 | https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=44f175a90a855326725439b2f1178f0dcca8f67d | ||
| 6 | |||
| 7 | which is in this version of bind. | ||
| 8 | |||
| 9 | Upstream Status: Backport from Redhat | ||
| 10 | |||
| 11 | https://bugzilla.redhat.com/attachment.cgi?id=1044719 | ||
| 12 | |||
| 13 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 14 | |||
| 15 | Index: bind-9.9.5/lib/dns/validator.c | ||
| 16 | =================================================================== | ||
| 17 | --- bind-9.9.5.orig/lib/dns/validator.c | ||
| 18 | +++ bind-9.9.5/lib/dns/validator.c | ||
| 19 | @@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r | ||
| 20 | */ | ||
| 21 | static isc_boolean_t | ||
| 22 | isselfsigned(dns_validator_t *val) { | ||
| 23 | - dns_fixedname_t fixed; | ||
| 24 | dns_rdataset_t *rdataset, *sigrdataset; | ||
| 25 | dns_rdata_t rdata = DNS_RDATA_INIT; | ||
| 26 | dns_rdata_t sigrdata = DNS_RDATA_INIT; | ||
| 27 | @@ -1462,8 +1461,7 @@ isselfsigned(dns_validator_t *val) { | ||
| 28 | result = dns_dnssec_verify3(name, rdataset, dstkey, | ||
| 29 | ISC_TRUE, | ||
| 30 | val->view->maxbits, | ||
| 31 | - mctx, &sigrdata, | ||
| 32 | - dns_fixedname_name(&fixed)); | ||
| 33 | + mctx, &sigrdata, NULL); | ||
| 34 | dst_key_free(&dstkey); | ||
| 35 | if (result != ISC_R_SUCCESS) | ||
| 36 | continue; | ||