diff options
Diffstat (limited to 'meta-networking/recipes-support/ipsec-tools')
-rw-r--r-- | meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch | 36 | ||||
-rw-r--r-- | meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb | 1 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch new file mode 100644 index 0000000000..5286376ac6 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch @@ -0,0 +1,36 @@ +[PATCH] fix CVE-2015-4047 + +Upstream-Status: Backport + +http://www.openwall.com/lists/oss-security/2015/05/20/1 + +racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause +a denial of service (NULL pointer dereference and IKE daemon crash) via +a series of crafted UDP requests. + +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047 + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + src/racoon/gssapi.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c +index e64b201..1ad3b42 100644 +--- a/src/racoon/gssapi.c ++++ b/src/racoon/gssapi.c +@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) + gss_name_t princ, canon_princ; + OM_uint32 maj_stat, min_stat; + ++ if (iph1->rmconf == NULL) { ++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); ++ return -1; ++ } ++ + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); + if (gps == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); +-- +1.9.1 + diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb index 67b70d0370..bb6fe84d99 100644 --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb @@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV file://racoon.conf.sample \ file://racoon.conf \ file://racoon.service \ + file://fix-CVE-2015-4047.patch \ " SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41" SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d" |