From: Otavio Salvador <otavio@ossystems.com.br>
To: Meta-OpenEmbedded Mailing listing
<openembedded-devel@lists.openembedded.org>
Subject: [meta-oe backport krogoth PATCH 07/22] squid: CVE-2016-3947
Date: Fri, 6 May 2016 11:00:44 -0300
Message-ID: <1462543259-7206-7-git-send-email-otavio@ossystems.com.br>
In-Reply-To: <1462543259-7206-1-git-send-email-otavio@ossystems.com.br>
From: Catalin Enache <catalin.enache@windriver.com>
Heap-based buffer overflow in the Icmp6::Recv function in
icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x
before 4.0.8 allows remote servers to cause a denial of
service (performance degradation or transition failures)
or write sensitive information to log files via an ICMPv6
packet.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---
.../squid/files/CVE-2016-3947.patch | 48 ++++++++++++++++++++++
.../recipes-daemons/squid/squid_3.5.7.bb | 1 +
2 files changed, 49 insertions(+)
create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch
new file mode 100644
index 0000000..c83e6ab
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-3947.patch
@@ -0,0 +1,48 @@
+From 0fe108ecb2bbdf684f159950eaa55d22f07c4008 Mon Sep 17 00:00:00 2001
+From: Catalin Enache <catalin.enache@windriver.com>
+Date: Wed, 20 Apr 2016 15:17:18 +0300
+Subject: [PATCH] pinger: Fix buffer overflow in Icmp6::Recv
+
+Upstream-Status: Backport
+CVE: CVE-2016-3947
+
+Author: Yuriy M. Kaminskiy <yumkam@gmail.com>
+Committer: Amos Jeffries <squid3@treenet.co.nz
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/icmp/Icmp6.cc | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/icmp/Icmp6.cc b/src/icmp/Icmp6.cc
+index 794a51a..ee84b80 100644
+--- a/src/icmp/Icmp6.cc
++++ b/src/icmp/Icmp6.cc
+@@ -256,7 +256,7 @@ Icmp6::Recv(void)
+ #define ip6_hops // HOPS!!! (can it be true??)
+
+ ip = (struct ip6_hdr *) pkt;
+- pkt += sizeof(ip6_hdr);
++ NP: echo size needs to +sizeof(ip6_hdr);
+
+ debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
+ ", ip6_plen=" << ip->ip6_plen <<
+@@ -267,7 +267,6 @@ Icmp6::Recv(void)
+ */
+
+ icmp6header = (struct icmp6_hdr *) pkt;
+- pkt += sizeof(icmp6_hdr);
+
+ if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
+
+@@ -292,7 +291,7 @@ Icmp6::Recv(void)
+ return;
+ }
+
+- echo = (icmpEchoData *) pkt;
++ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
+
+ preply.opcode = echo->opcode;
+
+--
+2.7.4
+
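Review bot: in the first Icmp6.cc hunk the replacement for `pkt += sizeof(ip6_hdr);` is `NP: echo size needs to +sizeof(ip6_hdr);`, which is prose rather than a statement or a comment. Unless this region is compiled out by a preprocessor guard that the hunk context does not show, it will not build; prefixing it with `//` makes the intent explicit either way. With `pkt` no longer advanced, `ip = (struct ip6_hdr *) pkt;` and `icmp6header = (struct icmp6_hdr *) pkt;` now alias the same bytes, so the `ip6_nxt` and `ip6_plen` values passed to `debugs()` would be read from the ICMPv6 header; it is worth confirming that this debug block is dead code. The visible context also does not show a check that the received length covers `sizeof(icmp6_hdr)` plus the `icmpEchoData` fields before `echo->opcode` is read, so please confirm one exists in the surrounding function. In the patch header, `Committer: Amos Jeffries <squid3@treenet.co.nz` is missing its closing `>`, and `Upstream-Status: Backport` would be easier to audit if it named the upstream revision it was taken from.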
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
index c3eabcd..750484a 100644
--- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
+++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
@@ -19,6 +19,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
file://squid-use-serial-tests-config-needed-by-ptest.patch \
file://run-ptest \
file://volatiles.03_squid \
+ file://CVE-2016-3947.patch \
"
LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
--
2.8.2