Fixed: #1139968 - CVE-2014-6270 buffer overflow in SNMP

Michal Luscon 2014-09-11 10:31:51 +02:00
parent c65c5a7ec6
commit 5b652419af
2 changed files with 23 additions and 2 deletions

squid-SNMP.patch Normal file

@ -0,0 +1,17 @@
--- squid/src/snmp_core.cc 2014-06-25 16:41:39.000000000 +0200
+++ squid/src/snmp_core.cc 2014-09-09 11:52:13.237394779 +0200
@@ -375,12 +375,11 @@
len = comm_udp_recvfrom(sock,
buf,
- SNMP_REQUEST_SIZE,
+ SNMP_REQUEST_SIZE - 1,
0,
from);
if (len > 0) {
- buf[len] = '\0';
debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << ".");
snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest));
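Review bot: Removing `buf[len] = '\0';` in snmpHandleUdp is not required once the receive limit is `SNMP_REQUEST_SIZE - 1`: with that limit the terminator write stays inside the buffer, assuming `buf` holds SNMP_REQUEST_SIZE bytes (its declaration is outside the hunk). Without the write the buffer is no longer NUL-terminated, so any later code that treats the request as a C string instead of honouring `len` could read past the received data; the rest of the function is not visible here, so this should be checked. I would either keep the terminator as defence in depth or document the contract at the call with `// buf is not NUL-terminated; consumers must use len`. If `buf` is an array in this scope, `sizeof(buf) - 1` would tie the limit to the real buffer size rather than to the macro. The patch file also carries no header naming its origin (upstream changeset or bug id), which makes later rebases harder to audit.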


@ -2,7 +2,7 @@
Name: squid
Version: 3.4.7
Release: 1%{?dist}
Release: 2%{?dist}
Summary: The Squid proxy caching server
Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code
@ -33,6 +33,7 @@ Patch203: squid-3.0.STABLE1-perlpath.patch
Patch204: squid-3.2.0.9-fpic.patch
Patch205: squid-3.1.9-ltdl.patch
Patch206: active-ftp.patch
Patch207: squid-SNMP.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash >= 2.0
@ -85,7 +86,6 @@ lookup program (dnsserver), a program for retrieving FTP data
# Upstream patches
# Backported patches
#patch101 -p1 -b .mem_node
# Local patches
%patch201 -p1 -b .config
@ -94,6 +94,7 @@ lookup program (dnsserver), a program for retrieving FTP data
%patch204 -p1 -b .fpic
%patch205 -p1 -b .ltdl
%patch206 -p1 -b .active-ftp
%patch207 -p1 -b .SNMP
%build
%ifarch sparcv9 sparc64 s390 s390x
@ -290,6 +291,9 @@ fi
%changelog
* Thu Sep 11 2014 Michal Luscon <mluscon@redhat.com> - 7:3.4.7-2
- Fixed: CVE-2014-6270
* Thu Aug 28 2014 Michal Luscon <mluscon@redhat.com> - 7:3.4.7-1
- Update to latest upstream version
- Fixed: CVE-2014-3609