rpms
/
bind
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import bind-9.11.20-5.el8_3.1

Browse Source
c8 imports/c8/bind-9.11.20-5.el8_3.1
CentOS Sources 2 years ago committed by Andrew Lukoshko
parent 864e18c0c8
commit cacdacb017
2 changed files with 33 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 27
      SOURCES/bind-9.11-CVE-2020-8625.patch
  2. 7
      SPECS/bind.spec

27
SOURCES/bind-9.11-CVE-2020-8625.patch
Unescape View File

@ -0,0 +1,27 @@
From 9f331a945071365ccc0cfba24241c4af6919af30 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Mon, 15 Feb 2021 12:18:14 +0100
Subject: [PATCH] CVE-2020-8625
5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
(CVE-2020-8625) [GL #2354]
---
lib/dns/spnego.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index dea108b..13cf15d 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
return (ASN1_OVERRUN);
}
- data->components = malloc(len * sizeof(*data->components));
+ data->components = malloc((len + 1) * sizeof(*data->components));
if (data->components == NULL) {
return (ENOMEM);
}
--
2.26.2

7
SPECS/bind.spec
Unescape View File

@ -65,7 +65,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.11.20
Release: 5%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Release: 5%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.1
Epoch: 32
Url: http://www.isc.org/products/BIND/
#
@ -163,6 +163,7 @@ Patch181:bind-9.11-CVE-2020-8623.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/8e919cf6e47c4f52612069ac0868f8caa5089e74
Patch182:bind-9.11-CVE-2020-8624.patch
Patch183:bind-9.11-CVE-2020-8624-test.patch
Patch184:bind-9.11-CVE-2020-8625.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -526,6 +527,7 @@ are used for building ISC DHCP.
%patch181 -p1 -b .CVE-2020-8623
%patch182 -p1 -b .CVE-2020-8624
%patch183 -p1 -b .CVE-2020-8624-test
%patch184 -p1 -b .CVE-2020-8625
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1534,6 +1536,9 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Mon Feb 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-5.1
- Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625)
* Tue Aug 18 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-5
- Fix tsig-request verify (CVE-2020-8622)
- Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623)

Write Preview
Loading…
Cancel
Save