From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 01/20] libtasn1: CVE-2015-3622
Date: Sat, 9 Jan 2016 16:30:27 -0800 [thread overview]
Message-ID: <24bdb7199d1d3cb9164d7e126f6a49e933eade43.1452385571.git.akuster808@gmail.com> (raw)
In-Reply-To: <cover.1452385571.git.akuster808@gmail.com>
In-Reply-To: <cover.1452385571.git.akuster808@gmail.com>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=a, Size: 2869 bytes --]
From: Sona Sarmadi <sona.sarmadi@enea.com>
_asn1_extract_der_octet: prevent past of boundary access
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;
h=f979435823a02f842c41d49cd41cc81f25b5d677
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
.../gnutls/libtasn1/libtasn1-CVE-2015-3622.patch | 44 ++++++++++++++++++++++
meta/recipes-support/gnutls/libtasn1_4.0.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
new file mode 100644
index 0000000..0989ef6
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
@@ -0,0 +1,44 @@
+From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 20 Apr 2015 14:56:27 +0200
+Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
+
+Fixes CVE-2015-3622.
+Upstream-Status: Backport
+
+Reported by Hanno Böck.
+---
+ lib/decoding.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 7fbd931..42ddc6b 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+ return ASN1_DER_ERROR;
+
+ counter = len3 + 1;
++ DECR_LEN(der_len, len3);
+
+ if (len2 == -1)
+ counter_end = der_len - 2;
+@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+
+ while (counter < counter_end)
+ {
++ DECR_LEN(der_len, 1);
+ len2 = asn1_get_length_der (der + counter, der_len, &len3);
+
+ if (IS_ERR(len2, flags))
+@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der,
+ len2 = 0;
+ }
+
+- DECR_LEN(der_len, 1);
+ counter += len2 + len3 + 1;
+ }
+
+--
+1.7.2.5
+
diff --git a/meta/recipes-support/gnutls/libtasn1_4.0.bb b/meta/recipes-support/gnutls/libtasn1_4.0.bb
index 289833ec..16cf4d6 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
file://libtasn1_fix_for_automake_1.12.patch \
file://dont-depend-on-help2man.patch \
+ file://libtasn1-CVE-2015-3622.patch \
"
SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1"
--
1.9.1
next prev parent reply other threads:[~2016-01-10 0:31 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-10 0:30 [PATCH 00/20] Dizzy-next pull request 2016-1 Armin Kuster
2016-01-10 0:30 ` Armin Kuster [this message]
2016-01-10 0:30 ` [PATCH 02/20] grep2.19: CVE-2015-1345 Armin Kuster
2016-01-10 0:30 ` [PATCH 03/20] rsync: backport libattr checking patch Armin Kuster
2016-01-10 0:30 ` [PATCH 04/20] openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565 Armin Kuster
2016-01-10 0:30 ` [PATCH 05/20] fontcache: allow to pass extra parameters and environment to fc-cache Armin Kuster
2016-01-10 0:30 ` [PATCH 06/20] image.bbclass: don't let do_rootfs depend on BUILDNAME Armin Kuster
2016-01-10 0:30 ` [PATCH 07/20] layer.conf: Add several allarch dependency exclusions Armin Kuster
2016-01-10 0:30 ` [PATCH 08/20] layer.conf: Add missing dependency for allarch package initramfs-framework Armin Kuster
2016-01-10 0:30 ` [PATCH 09/20] allarch: Force TARGET_*FLAGS variable values Armin Kuster
2016-01-10 0:30 ` [PATCH 10/20] texinfo: don't create dependency on INHERIT variable Armin Kuster
2016-01-10 0:30 ` [PATCH 11/20] linux-dtb.inc: drop unused DTB_NAME variable from do_install Armin Kuster
2016-01-10 0:30 ` [PATCH 12/20] glibc: use patch for CVE-2015-1781 Armin Kuster
2016-01-10 0:30 ` [PATCH 13/20] libxml2: CVE-2015-7942 Armin Kuster
2016-01-10 0:30 ` [PATCH 14/20] unzip: CVE-2015-7696, CVE-2015-7697 Armin Kuster
2016-01-10 0:30 ` [PATCH 15/20] libxml2: CVE-2015-8035 Armin Kuster
2016-01-10 0:30 ` [PATCH 16/20] openssl: CVE-2015-3194, CVE-2015-3195 Armin Kuster
2016-01-10 0:30 ` [PATCH 17/20] libxml2: CVE-2015-8241 Armin Kuster
2016-01-10 0:30 ` [PATCH 18/20] Fixes a heap buffer overflow in glibc wscanf Armin Kuster
2016-01-10 0:30 ` [PATCH 19/20] grub2: Fix CVE-2015-8370 Armin Kuster
2016-01-10 0:30 ` [PATCH 20/20] bind: CVE-2015-8000 Armin Kuster
2016-01-21 11:57 ` [PATCH 00/20] Dizzy-next pull request 2016-1 Martin Jansa
2016-01-27 11:33 ` Martin Jansa
2016-01-30 2:44 ` akuster808
2016-01-30 9:08 ` Martin Jansa
2016-01-30 12:06 ` Richard Purdie
2016-01-30 12:37 ` Martin Jansa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=24bdb7199d1d3cb9164d7e126f6a49e933eade43.1452385571.git.akuster808@gmail.com \
--to=akuster808@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox