summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorAndrej Valek <andrej.valek@siemens.com>2017-04-06 09:07:37 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-04-10 23:00:42 +0100
commit36b2865318c78d0d79cca8aafb06c4e993a00471 (patch)
treec2641b8aa51810406188a905060555490fe153cf /meta
parent74d7d12b3760d0b149538c0c08cddb0e3db3b012 (diff)
downloadpoky-36b2865318c78d0d79cca8aafb06c4e993a00471.tar.gz
busybox: Security fix CVE-2016-6301
ntpd: NTP server denial of service flaw CVE: CVE-2016-6301 (From OE-Core rev: 301dc9df16cce1f4649f90af47159bc21be0de59) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/busybox/busybox/CVE-2016-6301.patch37
-rw-r--r--meta/recipes-core/busybox/busybox_1.24.1.bb1
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
new file mode 100644
index 0000000000..851bc20f79
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2016-6301.patch
@@ -0,0 +1,37 @@
1busybox1.24.1: Fix CVE-2016-6301
2
3[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=1363710
4
5ntpd: NTP server denial of service flaw
6
7The busybox NTP implementation doesn't check the NTP mode of packets
8received on the server port and responds to any packet with the right
9size. This includes responses from another NTP server. An attacker can
10send a packet with a spoofed source address in order to create an
11infinite loop of responses between two busybox NTP servers. Adding
12more packets to the loop increases the traffic between the servers
13until one of them has a fully loaded CPU and/or network.
14
15Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71]
16CVE: CVE-2016-6301
17Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
18Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
19
20diff --git a/networking/ntpd.c b/networking/ntpd.c
21index 9732c9b..0f6a55f 100644
22--- a/networking/ntpd.c
23+++ b/networking/ntpd.c
24@@ -1985,6 +1985,13 @@ recv_and_process_client_pkt(void /*int fd*/)
25 goto bail;
26 }
27
28+ /* Respond only to client and symmetric active packets */
29+ if ((msg.m_status & MODE_MASK) != MODE_CLIENT
30+ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT
31+ ) {
32+ goto bail;
33+ }
34+
35 query_status = msg.m_status;
36 query_xmttime = msg.m_xmttime;
37
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index 41fc64175e..6013ec9e5d 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -47,6 +47,7 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
47 file://CVE-2016-2148.patch \ 47 file://CVE-2016-2148.patch \
48 file://CVE-2016-2147.patch \ 48 file://CVE-2016-2147.patch \
49 file://CVE-2016-2147_2.patch \ 49 file://CVE-2016-2147_2.patch \
50 file://CVE-2016-6301.patch \
50 file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \ 51 file://ip_fix_problem_on_mips64_n64_big_endian_musl_systems.patch \
51 file://makefile-fix-backport.patch \ 52 file://makefile-fix-backport.patch \
52 file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \ 53 file://0001-sed-fix-sed-n-flushes-pattern-space-terminates-early.patch \