From: Mariano Lopez <mariano.lopez@linux.intel.com>
To: Joshua G Lock <joshua.g.lock@linux.intel.com>,
openembedded-core@lists.openembedded.org
Subject: Re: [PATCH] dhcp: CVE-2015-8605
Date: Thu, 10 Mar 2016 14:16:46 -0600 [thread overview]
Message-ID: <56E1D62E.8030504@linux.intel.com> (raw)
In-Reply-To: <1457557766.3642.11.camel@linux.intel.com>
On 03/09/2016 03:09 PM, Joshua G Lock wrote:
> Hi Mariano,
>
> Thanks for the patch.
>
> On Tue, 2016-03-08 at 10:26 +0000, mariano.lopez@linux.intel.com wrote:
>> From: Mariano Lopez <mariano.lopez@linux.intel.com>
>>
>> ISC DHCP allows remote attackers to cause a denial of
>> service (application crash) via an invalid length field
>> in a UDP IPv4 packet.
>>
>> Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
>> ---
>> .../dhcp/dhcp/CVE-2015-8605.patch | 99
>> ++++++++++++++++
>> .../dhcp/dhcp/CVE-2015-8605_1.patch | 131
>> +++++++++++++++++++++
>> meta/recipes-connectivity/dhcp/dhcp_4.3.1.bb | 2 +
>> 3 files changed, 232 insertions(+)
>> create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2015-
>> 8605.patch
>> create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2015-
>> 8605_1.patch
>>
>> diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
>> b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
>> new file mode 100644
>> index 0000000..923d5d5
>> --- /dev/null
>> +++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
>> @@ -0,0 +1,99 @@
>> +Solves CVE-2015-8605 that caused DoS when an invalid lenght field in
> lenght -> length
>
>> IPv4 UDP
>> +was recived by the server.
>> +
>> +Upstream-Status: Backport
> Can you include some more information about the backport, i.e. the
> version the patch was backported from, in the Upstream-Status: field so
> that it's easier to determine why this patch isn't required in jethro
> and master?
This patch is needed for master and jethro. I've already sent the patch
for them. For fido is slight different because it needed 2 patches
instead of one, nevertheless, I will add this information to the patch.
Mariano
prev parent reply other threads:[~2016-03-10 20:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-08 10:26 [PATCH] dhcp: CVE-2015-8605 mariano.lopez
2016-03-08 19:34 ` Mariano Lopez
2016-03-09 21:09 ` Joshua G Lock
2016-03-10 20:16 ` Mariano Lopez [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56E1D62E.8030504@linux.intel.com \
--to=mariano.lopez@linux.intel.com \
--cc=joshua.g.lock@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.