[dizzy][PATCH] bind9.9.5: CVE-2015-5477

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [dizzy][PATCH] bind9.9.5: CVE-2015-5477
@ 2015-07-30 11:48 Sona Sarmadi
  2015-08-20  1:02 ` akuster808
  0 siblings, 1 reply; 2+ messages in thread
From: Sona Sarmadi @ 2015-07-30 11:48 UTC (permalink / raw)
  To: openembedded-core

Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
 .../bind/bind/bind9_9_5-CVE-2015-5477.patch        | 45 ++++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.9.5.bb       |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch

diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
new file mode 100644
index 0000000..896272a
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
@@ -0,0 +1,45 @@
+From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 14 Jul 2015 14:48:42 +1000
+Subject: [PATCH] 4165.   [bug]           An failure to reset a value to NULL
+ in tkey.c could                         result in an assertion failure.
+ (CVE-2015-5477)                         [RT #40046]
+
+Upstream-Status: Backport
+[CHANGES file has been edited manually to add CVE-2015-5477 and
+an already applied CVE (CVE-2014-8500)].
+
+Referenc: https://kb.isc.org/article/AA-01272
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES	2014-01-27 19:58:24.000000000 +0100
++++ b/CHANGES	2015-07-30 11:03:18.871670769 +0200
+@@ -1,4 +1,15 @@
+ 	--- 9.9.5 released ---
++4165.   [security]      An failure to reset a value to NULL in tkey.c could
++                        result in an assertion failure. (CVE-2015-5477)
++                        [RT #40046]
++
++4006.   [security]      A flaw in delegation handling could be exploited
++                        to put named into an infinite loop.  This has
++                        been addressed by placing limits on the number
++                        of levels of recursion named will allow (default 7),
++                        and the number of iterative queries that it will
++                        send (default 50) before terminating a recursive
++                        query (CVE-2014-8500).
+ 
+ 	--- 9.9.5rc2 released ---
+ 
+diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
+--- a/lib/dns/tkey.c	2014-01-27 19:58:24.000000000 +0100
++++ b/lib/dns/tkey.c	2015-07-30 10:58:30.647945942 +0200
+@@ -650,6 +650,7 @@
+ 		 * Try the answer section, since that's where Win2000
+ 		 * puts it.
+ 		 */
++		name = NULL;
+ 		if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+ 					 dns_rdatatype_tkey, 0, &name,
+ 					 &tkeyset) != ISC_R_SUCCESS) {
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
index 8e04f8a..e206cc4 100644
--- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://bind9 \
            file://init.d-add-support-for-read-only-rootfs.patch \
            file://bind9_9_5-CVE-2014-8500.patch \
+           file://bind9_9_5-CVE-2015-5477.patch \
 	   "
 
 SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
-- 
1.9.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [dizzy][PATCH] bind9.9.5: CVE-2015-5477
  2015-07-30 11:48 [dizzy][PATCH] bind9.9.5: CVE-2015-5477 Sona Sarmadi
@ 2015-08-20  1:02 ` akuster808
  0 siblings, 0 replies; 2+ messages in thread
From: akuster808 @ 2015-08-20  1:02 UTC (permalink / raw)
  To: Sona Sarmadi, openembedded-core

On 7/30/15 4:48 AM, Sona Sarmadi wrote:
> Fixed a flaw in the way BIND handled requests for TKEY
> DNS resource records.
>
> References:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
> https://kb.isc.org/article/AA-01272
>
> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>

Merged to staging.

thanks,
Armin
> ---
>  .../bind/bind/bind9_9_5-CVE-2015-5477.patch        | 45 ++++++++++++++++++++++
>  meta/recipes-connectivity/bind/bind_9.9.5.bb       |  1 +
>  2 files changed, 46 insertions(+)
>  create mode 100644 meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
>
> diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
> new file mode 100644
> index 0000000..896272a
> --- /dev/null
> +++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
> @@ -0,0 +1,45 @@
> +From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
> +From: Mark Andrews <marka@isc.org>
> +Date: Tue, 14 Jul 2015 14:48:42 +1000
> +Subject: [PATCH] 4165.   [bug]           An failure to reset a value to NULL
> + in tkey.c could                         result in an assertion failure.
> + (CVE-2015-5477)                         [RT #40046]
> +
> +Upstream-Status: Backport
> +[CHANGES file has been edited manually to add CVE-2015-5477 and
> +an already applied CVE (CVE-2014-8500)].
> +
> +Referenc: https://kb.isc.org/article/AA-01272
> +
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +
> +diff -ruN a/CHANGES b/CHANGES
> +--- a/CHANGES	2014-01-27 19:58:24.000000000 +0100
> ++++ b/CHANGES	2015-07-30 11:03:18.871670769 +0200
> +@@ -1,4 +1,15 @@
> + 	--- 9.9.5 released ---
> ++4165.   [security]      An failure to reset a value to NULL in tkey.c could
> ++                        result in an assertion failure. (CVE-2015-5477)
> ++                        [RT #40046]
> ++
> ++4006.   [security]      A flaw in delegation handling could be exploited
> ++                        to put named into an infinite loop.  This has
> ++                        been addressed by placing limits on the number
> ++                        of levels of recursion named will allow (default 7),
> ++                        and the number of iterative queries that it will
> ++                        send (default 50) before terminating a recursive
> ++                        query (CVE-2014-8500).
> + 
> + 	--- 9.9.5rc2 released ---
> + 
> +diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
> +--- a/lib/dns/tkey.c	2014-01-27 19:58:24.000000000 +0100
> ++++ b/lib/dns/tkey.c	2015-07-30 10:58:30.647945942 +0200
> +@@ -650,6 +650,7 @@
> + 		 * Try the answer section, since that's where Win2000
> + 		 * puts it.
> + 		 */
> ++		name = NULL;
> + 		if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
> + 					 dns_rdatatype_tkey, 0, &name,
> + 					 &tkeyset) != ISC_R_SUCCESS) {
> diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
> index 8e04f8a..e206cc4 100644
> --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb
> +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
> @@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
>             file://bind9 \
>             file://init.d-add-support-for-read-only-rootfs.patch \
>             file://bind9_9_5-CVE-2014-8500.patch \
> +           file://bind9_9_5-CVE-2015-5477.patch \
>  	   "
>  
>  SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-08-20  1:02 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-30 11:48 [dizzy][PATCH] bind9.9.5: CVE-2015-5477 Sona Sarmadi
2015-08-20  1:02 ` akuster808

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox