import bind-9.11.36-3.el8_6.1
This commit is contained in:
parent
d8d371d1e8
commit
2ce979a606
27
SOURCES/bind-9.16-CVE-2022-38177.patch
Normal file
27
SOURCES/bind-9.16-CVE-2022-38177.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From 0095b8a6b09173ab5eb48611dc0233d2a6337dc1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Mensik <pemensik@redhat.com>
|
||||||
|
Date: Tue, 20 Sep 2022 11:21:45 +0200
|
||||||
|
Subject: [PATCH] Fix CVE-2022-38177
|
||||||
|
|
||||||
|
5961. [security] Fix memory leak in ECDSA verify processing.
|
||||||
|
(CVE-2022-38177) [GL #3487]
|
||||||
|
---
|
||||||
|
lib/dns/opensslecdsa_link.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
|
||||||
|
index 83b5b51..7576e04 100644
|
||||||
|
--- a/lib/dns/opensslecdsa_link.c
|
||||||
|
+++ b/lib/dns/opensslecdsa_link.c
|
||||||
|
@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
||||||
|
siglen = DNS_SIG_ECDSA384SIZE;
|
||||||
|
|
||||||
|
if (sig->length != siglen)
|
||||||
|
- return (DST_R_VERIFYFAILURE);
|
||||||
|
+ DST_RET(DST_R_VERIFYFAILURE);
|
||||||
|
|
||||||
|
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
|
||||||
|
DST_RET (dst__openssl_toresult3(dctx->category,
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
27
SOURCES/bind-9.16-CVE-2022-38178.patch
Normal file
27
SOURCES/bind-9.16-CVE-2022-38178.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From bb68864bf05d29df644427ec841bc3db6a336519 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Mensik <pemensik@redhat.com>
|
||||||
|
Date: Tue, 20 Sep 2022 11:22:47 +0200
|
||||||
|
Subject: [PATCH] Fix CVE-2022-38178
|
||||||
|
|
||||||
|
5962. [security] Fix memory leak in EdDSA verify processing.
|
||||||
|
(CVE-2022-38178) [GL #3487]
|
||||||
|
---
|
||||||
|
lib/dns/openssleddsa_link.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c
|
||||||
|
index 8b115ec..4f3c2a8 100644
|
||||||
|
--- a/lib/dns/openssleddsa_link.c
|
||||||
|
+++ b/lib/dns/openssleddsa_link.c
|
||||||
|
@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
|
||||||
|
siglen = DNS_SIG_ED448SIZE;
|
||||||
|
|
||||||
|
if (sig->length != siglen)
|
||||||
|
- return (DST_R_VERIFYFAILURE);
|
||||||
|
+ DST_RET(DST_R_VERIFYFAILURE);
|
||||||
|
|
||||||
|
isc_buffer_usedregion(buf, &tbsreg);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
@ -68,7 +68,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
|||||||
Name: bind
|
Name: bind
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
Version: 9.11.36
|
Version: 9.11.36
|
||||||
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.1
|
||||||
Epoch: 32
|
Epoch: 32
|
||||||
Url: https://www.isc.org/downloads/bind/
|
Url: https://www.isc.org/downloads/bind/
|
||||||
#
|
#
|
||||||
@ -158,6 +158,8 @@ Patch178:bind-9.11-dhcp-time-monotonic.patch
|
|||||||
Patch183:bind-9.11-rh1980757.patch
|
Patch183:bind-9.11-rh1980757.patch
|
||||||
# modified, https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3067
|
# modified, https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3067
|
||||||
Patch184: bind-9.15-resolver-ntasks.patch
|
Patch184: bind-9.15-resolver-ntasks.patch
|
||||||
|
Patch188: bind-9.16-CVE-2022-38177.patch
|
||||||
|
Patch189: bind-9.16-CVE-2022-38178.patch
|
||||||
|
|
||||||
# SDB patches
|
# SDB patches
|
||||||
Patch11: bind-9.3.2b2-sdbsrc.patch
|
Patch11: bind-9.3.2b2-sdbsrc.patch
|
||||||
@ -553,6 +555,8 @@ are used for building ISC DHCP.
|
|||||||
%patch178 -p1 -b .time-monotonic
|
%patch178 -p1 -b .time-monotonic
|
||||||
%patch183 -p1 -b .rh1980757
|
%patch183 -p1 -b .rh1980757
|
||||||
%patch184 -p1 -b .rh2030239
|
%patch184 -p1 -b .rh2030239
|
||||||
|
%patch188 -p1 -b .CVE-2022-38177
|
||||||
|
%patch189 -p1 -b .CVE-2022-38178
|
||||||
|
|
||||||
mkdir lib/dns/tests/testdata/dstrandom
|
mkdir lib/dns/tests/testdata/dstrandom
|
||||||
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
|
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
|
||||||
@ -1605,7 +1609,11 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Feb 10 2022 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-2
|
* Thu Sep 22 2022 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-3.1
|
||||||
|
- Fix memory leak in ECDSA verify processing (CVE-2022-38177)
|
||||||
|
- Fix memory leak in EdDSA verify processing (CVE-2022-38178)
|
||||||
|
|
||||||
|
* Thu Feb 10 2022 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-3
|
||||||
- Reduce memory used per-view on machine with few processors (#2030239)
|
- Reduce memory used per-view on machine with few processors (#2030239)
|
||||||
|
|
||||||
* Tue Dec 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-2
|
* Tue Dec 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-2
|
||||||
|
Loading…
Reference in New Issue
Block a user