import bind-9.11.20-5.el8_3.1

This commit is contained in:
CentOS Sources 2021-03-01 08:56:20 -05:00 committed by Andrew Lukoshko
parent 864e18c0c8
commit cacdacb017
2 changed files with 33 additions and 1 deletions

View File

@ -0,0 +1,27 @@
From 9f331a945071365ccc0cfba24241c4af6919af30 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Mon, 15 Feb 2021 12:18:14 +0100
Subject: [PATCH] CVE-2020-8625
5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
(CVE-2020-8625) [GL #2354]
---
lib/dns/spnego.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index dea108b..13cf15d 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
return (ASN1_OVERRUN);
}
- data->components = malloc(len * sizeof(*data->components));
+ data->components = malloc((len + 1) * sizeof(*data->components));
if (data->components == NULL) {
return (ENOMEM);
}
--
2.26.2

View File

@ -65,7 +65,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.11.20
Release: 5%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Release: 5%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.1
Epoch: 32
Url: http://www.isc.org/products/BIND/
#
@ -163,6 +163,7 @@ Patch181:bind-9.11-CVE-2020-8623.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/8e919cf6e47c4f52612069ac0868f8caa5089e74
Patch182:bind-9.11-CVE-2020-8624.patch
Patch183:bind-9.11-CVE-2020-8624-test.patch
Patch184:bind-9.11-CVE-2020-8625.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -526,6 +527,7 @@ are used for building ISC DHCP.
%patch181 -p1 -b .CVE-2020-8623
%patch182 -p1 -b .CVE-2020-8624
%patch183 -p1 -b .CVE-2020-8624-test
%patch184 -p1 -b .CVE-2020-8625
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1534,6 +1536,9 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Mon Feb 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-5.1
- Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625)
* Tue Aug 18 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-5
- Fix tsig-request verify (CVE-2020-8622)
- Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623)