[OE-core] [PATCH 21/21] bind: Security fix CVE-2015-8704
Armin Kuster
akuster808 at gmail.com
Sat Feb 6 23:15:02 UTC 2016
From: Armin Kuster <akuster at mvista.com>
CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c
Signed-off-by: Armin Kuster <akuster at mvista.com>
---
.../bind/bind/CVE-2015-8704.patch | 29 ++++++++++++++++++++++
meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 +
2 files changed, 30 insertions(+)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000..7f28e44
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,29 @@
+Upstream-Status: Backport
+
+https://bugzilla.redhat.com/attachment.cgi?id=1115781
+
+CVE: CVE-2015-8704
+Signed-off-by: Armin Kuster <akuster at mvista.com>
+
+Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+===================================================================
+--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c
++++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ isc_uint8_t len;
+ isc_boolean_t neg;
+ unsigned char buf[16];
+- char txt[sizeof(" !64000")];
++ char txt[sizeof(" !64000:")];
+ const char *sep = "";
+ int n;
+
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ isc_region_consume(&sr, 1);
+ INSIST(len <= sr.length);
+ n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+- neg ? "!": "", afi);
++ neg ? "!" : "", afi);
+ INSIST(n < (int)sizeof(txt));
+ RETERR(str_totext(txt, target));
+ switch (afi) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 79b0397..a904d6e 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://CVE-2015-4620.patch \
file://CVE-2015-5722.patch \
file://CVE-2015-8000.patch \
+ file://CVE-2015-8704.patch \
"
SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
--
2.3.5
More information about the Openembedded-core
mailing list