diff options
| author |   Roy Li <rongqing.li@windriver.com> | 2015-06-05 13:23:28 +0800 |
|---|---|---|
| committer |   Martin Jansa <Martin.Jansa@gmail.com> | 2015-10-26 21:43:08 +0100 |
| commit | dd407add556dcee973477c4544ff1e165f21310f (patch) | |
| tree | 0d3efab0d5496a7f492f7b48d029cee5d33b7c65 | |
| parent | 7ab203e051543edd730e6a630f47c5fcc846bd41 (diff) | |
| download | meta-openembedded-contrib-dd407add556dcee973477c4544ff1e165f21310f.tar.gz | |
ipsec-tools: Security Advisory - CVE-2015-4047
This fixed the CVE-2015-4047:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch | 36 | ||||
| -rw-r--r-- | meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb | 1 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch new file mode 100644 index 0000000000..5286376ac6 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch @@ -0,0 +1,36 @@ +[PATCH] fix CVE-2015-4047 + +Upstream-Status: Backport + +http://www.openwall.com/lists/oss-security/2015/05/20/1 + +racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause +a denial of service (NULL pointer dereference and IKE daemon crash) via +a series of crafted UDP requests. + +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047 + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + src/racoon/gssapi.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c +index e64b201..1ad3b42 100644 +--- a/src/racoon/gssapi.c ++++ b/src/racoon/gssapi.c +@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) + gss_name_t princ, canon_princ; + OM_uint32 maj_stat, min_stat; + ++ if (iph1->rmconf == NULL) { ++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); ++ return -1; ++ } ++ + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); + if (gps == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); +-- +1.9.1 + diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb index 9704b138c7..574f15924a 100644 --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb @@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV file://racoon.conf.sample \ file://racoon.conf \ file://racoon.service \ + file://fix-CVE-2015-4047.patch \ " SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41" SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d" |