bind9.9.5: CVE-2015-5477

Fixed a flaw in the way BIND handled requests for TKEY DNS resource records. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477 https://kb.isc.org/article/AA-01272 (From OE-Core rev: 18a01db3f2430095a4e6966aed5afd738dbc112e) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2015-07-30 13:48:55 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-09-01 21:37:29 +0100
commit: b64eae5767dbea2d7d85a0a281e1a25efe91d157 (patch)
tree: 27d692069417ba0b04794475063d7d276242485f /meta
parent: 0e6473ad750605352aabda3e9d3a17229ba2180d (diff)
download: poky-b64eae5767dbea2d7d85a0a281e1a25efe91d157.tar.gz
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
new file mode 100644
index 0000000000..896272a471
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
@@ -0,0 +1,45 @@
+From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 14 Jul 2015 14:48:42 +1000
+Subject: [PATCH] 4165.   [bug]           An failure to reset a value to NULL
+ in tkey.c could                         result in an assertion failure.
+ (CVE-2015-5477)                         [RT #40046]
+Upstream-Status: Backport
+[CHANGES file has been edited manually to add CVE-2015-5477 and
+an already applied CVE (CVE-2014-8500)].
+Referenc: https://kb.isc.org/article/AA-01272
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES   2014-01-27 19:58:24.000000000 +0100
+++ b/CHANGES   2015-07-30 11:03:18.871670769 +0200
+@@ -1,4 +1,15 @@
+        --- 9.9.5 released ---
+4165.   [security]      An failure to reset a value to NULL in tkey.c could
+                        result in an assertion failure. (CVE-2015-5477)
+                        [RT #40046]
+
+4006.   [security]      A flaw in delegation handling could be exploited
+                        to put named into an infinite loop.  This has
+                        been addressed by placing limits on the number
+                        of levels of recursion named will allow (default 7),
+                        and the number of iterative queries that it will
+                        send (default 50) before terminating a recursive
+                        query (CVE-2014-8500).
+ 
+        --- 9.9.5rc2 released ---
+ 
+diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
+--- a/lib/dns/tkey.c    2014-01-27 19:58:24.000000000 +0100
+++ b/lib/dns/tkey.c    2015-07-30 10:58:30.647945942 +0200
+@@ -650,6 +650,7 @@
+                 * Try the answer section, since that's where Win2000
+                 * puts it.
+                 */
+               name = NULL;
+                if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+                                         dns_rdatatype_tkey, 0, &name,
+                                         &tkeyset) != ISC_R_SUCCESS) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 8e04f8a040..e206cc45d8 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
           file://bind9 \
           file://init.d-add-support-for-read-only-rootfs.patch \
           file://bind9_9_5-CVE-2014-8500.patch \
+           file://bind9_9_5-CVE-2015-5477.patch \
           "
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
author	Sona Sarmadi <sona.sarmadi@enea.com>	2015-07-30 13:48:55 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-09-01 21:37:29 +0100
commit	b64eae5767dbea2d7d85a0a281e1a25efe91d157 (patch)
tree	27d692069417ba0b04794475063d7d276242485f /meta
parent	0e6473ad750605352aabda3e9d3a17229ba2180d (diff)
download	poky-b64eae5767dbea2d7d85a0a281e1a25efe91d157.tar.gz

diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch new file mode 100644 index 0000000000..896272a471 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
@@ -0,0 +1,45 @@
		1	From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
		2	From: Mark Andrews <marka@isc.org>
		3	Date: Tue, 14 Jul 2015 14:48:42 +1000
		4	Subject: [PATCH] 4165. [bug] An failure to reset a value to NULL
		5	in tkey.c could result in an assertion failure.
		6	(CVE-2015-5477) [RT #40046]
		7
		8	Upstream-Status: Backport
		9	[CHANGES file has been edited manually to add CVE-2015-5477 and
		10	an already applied CVE (CVE-2014-8500)].
		11
		12	Referenc: https://kb.isc.org/article/AA-01272
		13
		14	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
		15
		16	diff -ruN a/CHANGES b/CHANGES
		17	--- a/CHANGES 2014-01-27 19:58:24.000000000 +0100
		18	+++ b/CHANGES 2015-07-30 11:03:18.871670769 +0200
		19	@@ -1,4 +1,15 @@
		20	--- 9.9.5 released ---
		21	+4165. [security] An failure to reset a value to NULL in tkey.c could
		22	+ result in an assertion failure. (CVE-2015-5477)
		23	+ [RT #40046]
		24	+
		25	+4006. [security] A flaw in delegation handling could be exploited
		26	+ to put named into an infinite loop. This has
		27	+ been addressed by placing limits on the number
		28	+ of levels of recursion named will allow (default 7),
		29	+ and the number of iterative queries that it will
		30	+ send (default 50) before terminating a recursive
		31	+ query (CVE-2014-8500).
		32
		33	--- 9.9.5rc2 released ---
		34
		35	diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
		36	--- a/lib/dns/tkey.c 2014-01-27 19:58:24.000000000 +0100
		37	+++ b/lib/dns/tkey.c 2015-07-30 10:58:30.647945942 +0200
		38	@@ -650,6 +650,7 @@
		39	* Try the answer section, since that's where Win2000
		40	* puts it.
		41	*/
		42	+ name = NULL;
		43	if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
		44	dns_rdatatype_tkey, 0, &name,
		45	&tkeyset) != ISC_R_SUCCESS) {


diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb index 8e04f8a040..e206cc45d8 100644 --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
18	file://bind9 \	18	file://bind9 \
19	file://init.d-add-support-for-read-only-rootfs.patch \	19	file://init.d-add-support-for-read-only-rootfs.patch \
20	file://bind9_9_5-CVE-2014-8500.patch \	20	file://bind9_9_5-CVE-2014-8500.patch \
		21	file://bind9_9_5-CVE-2015-5477.patch \
21	"	22	"
22		23
23	SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"	24	SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"