diff options
| author |   Armin Kuster <akuster@mvista.com> | 2016-02-06 15:15:02 -0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-07 17:22:04 +0000 |
| commit | 600c1d2beb64e23123e478051537b917f5d4a8a7 (patch) | |
| tree | 40bfc7103798ecd9998c40be52ce02020773096b | |
| parent | d5db25213613cb862255047c0e995fd5489d9765 (diff) | |
| download | openembedded-core-600c1d2beb64e23123e478051537b917f5d4a8a7.tar.gz | |
bind: Security fix CVE-2015-8704
CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch | 29 | ||||
| -rw-r--r-- | meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch new file mode 100644 index 0000000000..7f28e4496a --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch @@ -0,0 +1,29 @@ +Upstream-Status: Backport + +https://bugzilla.redhat.com/attachment.cgi?id=1115781 + +CVE: CVE-2015-8704 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: bind-9.9.5/lib/dns/rdata/in_1/apl_42.c +=================================================================== +--- bind-9.9.5.orig/lib/dns/rdata/in_1/apl_42.c ++++ bind-9.9.5/lib/dns/rdata/in_1/apl_42.c +@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_uint8_t len; + isc_boolean_t neg; + unsigned char buf[16]; +- char txt[sizeof(" !64000")]; ++ char txt[sizeof(" !64000:")]; + const char *sep = ""; + int n; + +@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_region_consume(&sr, 1); + INSIST(len <= sr.length); + n = snprintf(txt, sizeof(txt), "%s%s%u:", sep, +- neg ? "!": "", afi); ++ neg ? "!" : "", afi); + INSIST(n < (int)sizeof(txt)); + RETERR(str_totext(txt, target)); + switch (afi) { diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb index 79b0397a56..a904d6ebbe 100644 --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb @@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://CVE-2015-4620.patch \ file://CVE-2015-5722.patch \ file://CVE-2015-8000.patch \ + file://CVE-2015-8704.patch \ " SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" |