[OE-core] [PATCH] dhcp: CVE-2015-8605

Joshua G Lock joshua.g.lock at linux.intel.com
Wed Mar 9 21:09:26 UTC 2016 

Hi Mariano,

Thanks for the patch.

On Tue, 2016-03-08 at 10:26 +0000, mariano.lopez at linux.intel.com wrote:
> From: Mariano Lopez <mariano.lopez at linux.intel.com>
> 
> ISC DHCP allows remote attackers to cause a denial of
> service (application crash) via an invalid length field
> in a UDP IPv4 packet.
> 
> Signed-off-by: Mariano Lopez <mariano.lopez at linux.intel.com>
> ---
>  .../dhcp/dhcp/CVE-2015-8605.patch                  |  99
> ++++++++++++++++
>  .../dhcp/dhcp/CVE-2015-8605_1.patch                | 131
> +++++++++++++++++++++
>  meta/recipes-connectivity/dhcp/dhcp_4.3.1.bb       |   2 +
>  3 files changed, 232 insertions(+)
>  create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2015-
> 8605.patch
>  create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2015-
> 8605_1.patch
> 
> diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
> b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
> new file mode 100644
> index 0000000..923d5d5
> --- /dev/null
> +++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
> @@ -0,0 +1,99 @@
> +Solves CVE-2015-8605 that caused DoS when an invalid lenght field in

lenght -> length

> IPv4 UDP
> +was recived by the server.
> +
> +Upstream-Status: Backport

Can you include some more information about the backport, i.e. the
version the patch was backported from, in the Upstream-Status: field so
that it's easier to determine why this patch isn't required in jethro
and master?

> +CVE: CVE-2015-8605
> +
> +Signed-off-by: Mariano Lopez <mariano.lopez at linux.intel.com>
> +
> +====================================================================
> ===
> +diff --git a/common/packet.c b/common/packet.c

<snip>

> new file mode 100644
> index 0000000..37a3d72
> --- /dev/null
> +++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605_1.patch
> @@ -0,0 +1,131 @@
> +This patch is needed for the CVE-2015-8605 that caused DoS when an
> invalid lenght field in IPv4 UDP

lenght -> length

> +was recived by the server.

recived -> received

> +
> +Upstream-Status: Backport

Same again, what version was this backported from?

Thanks,

Joshua

More information about the Openembedded-core mailing list