* [fido,dizzy][PATCH] bind: CVE-2015-8704
@ 2016-01-25 19:15 Derek Straka
0 siblings, 0 replies; only message in thread
From: Derek Straka @ 2016-01-25 19:15 UTC (permalink / raw)
To: openembedded-core; +Cc: Derek Straka
CVE-2015-8704
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
[YOCTO 8966]
References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
Signed-off-by: Derek Straka <derek@asterius.io>
---
.../bind/bind/CVE-2015-8704.patch | 38 ++++++++++++++++++++++
meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
new file mode 100644
index 0000000..e05327e
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch
@@ -0,0 +1,38 @@
+a buffer size check can cause denial of service under certain circumstances
+
+[security]
+The following flaw in BIND was reported by ISC:
+
+A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c.
+
+A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations.
+
+Upstream-Status: Backport
+CVE: CVE-2015-8704
+
+[The patch is taken from BIND 9.9.8:
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704]
+
+Signed-off-by: Derek Straka <derek@asterius.io>
+diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
+index bedd38e..28eb7f2 100644
+--- a/lib/dns/rdata/in_1/apl_42.c
++++ b/lib/dns/rdata/in_1/apl_42.c
+@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ isc_uint8_t len;
+ isc_boolean_t neg;
+ unsigned char buf[16];
+- char txt[sizeof(" !64000")];
++ char txt[sizeof(" !64000:")];
+ const char *sep = "";
+ int n;
+
+@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) {
+ isc_region_consume(&sr, 1);
+ INSIST(len <= sr.length);
+ n = snprintf(txt, sizeof(txt), "%s%s%u:", sep,
+- neg ? "!": "", afi);
++ neg ? "!" : "", afi);
+ INSIST(n < (int)sizeof(txt));
+ RETERR(str_totext(txt, target));
+ switch (afi) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 79b0397..e367172 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://CVE-2015-4620.patch \
file://CVE-2015-5722.patch \
file://CVE-2015-8000.patch \
+ file://CVE-2015-8704.patch \
"
SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
--
1.9.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2016-01-25 19:15 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-25 19:15 [fido,dizzy][PATCH] bind: CVE-2015-8704 Derek Straka
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.