diff options
author | Derek Straka <derek@asterius.io> | 2016-01-25 14:15:28 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-30 12:08:36 +0000 |
commit | 78ceabeb2df55194f16324d21ba97e81121f996b (patch) | |
tree | 535a3c97b64fe544e22e00447481e7b595c3edf1 /meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | |
parent | 409f19280983b8100a27a773cefbff187cca737a (diff) | |
download | openembedded-core-contrib-78ceabeb2df55194f16324d21ba97e81121f996b.tar.gz |
bind: CVE-2015-8704 and CVE-2015-8705
CVE-2015-8704:
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
CVE-2015-8705:
When debug logging is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option
[YOCTO 8966]
References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch new file mode 100644 index 0000000000..d5bf740e84 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch @@ -0,0 +1,28 @@ +a buffer size check can cause denial of service under certain circumstances + +[security] +The following flaw in BIND was reported by ISC: + +A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. + +A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. + +Upstream-Status: Backport +CVE: CVE-2015-8704 + +[The patch is taken from BIND 9.10.3: +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704] + +Signed-off-by: Derek Straka <derek@asterius.io> +diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c +index bedd38e..28eb7f2 100644 +--- a/lib/dns/rdata/in_1/apl_42.c ++++ b/lib/dns/rdata/in_1/apl_42.c +@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_uint8_t len; + isc_boolean_t neg; + unsigned char buf[16]; +- char txt[sizeof(" !64000")]; ++ char txt[sizeof(" !64000:")]; + const char *sep = ""; + int n; |