Fixed: #1139968 - CVE-2014-6270 buffer overflow in SNMP
parent
c65c5a7ec6
commit
5b652419af
17
squid-SNMP.patch
Normal file
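--- a/squid-SNMP.patch
+++ b/squid-SNMP.patch
@@ -0,0 +1,17 @@
+--- squid/src/snmp_core.cc 2014-06-25 16:41:39.000000000 +0200
++++ squid/src/snmp_core.cc 2014-09-09 11:52:13.237394779 +0200
+@@ -375,12 +375,11 @@
+
+len = comm_udp_recvfrom(sock,
+buf,
+- SNMP_REQUEST_SIZE,
++ SNMP_REQUEST_SIZE - 1,
+0,
+from);
+
+if (len > 0) {
+- buf[len] = '\0';
+debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << ".");
+
+snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest));
+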
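Review bot: With `buf[len] = '\0';` dropped in the same hunk that shortens the read to `SNMP_REQUEST_SIZE - 1`, nothing visible here terminates the received datagram any more, so any later code that treats `buf` as a C string depends on the buffer being zeroed before `comm_udp_recvfrom()`, which happens (if at all) outside the hunk. The smaller bound alone closes the one-byte overrun, because `len` can then be at most `SNMP_REQUEST_SIZE - 1` and the terminator write stays inside the buffer, assuming `buf` is declared with `SNMP_REQUEST_SIZE` bytes; the declaration is not shown. I would keep `buf[len] = '\0';` after the `len > 0` check, or add a comment such as `/* buf is zeroed before the read, so it stays NUL-terminated */` if that is what the code above the hunk guarantees. The enclosing function starts and ends outside the hunk.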
@ -2,7 +2,7 @@
|
||||
|
||||
Name: squid
|
||||
Version: 3.4.7
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
# See CREDITS for breakdown of non GPLv2+ code
|
||||
@ -33,6 +33,7 @@ Patch203: squid-3.0.STABLE1-perlpath.patch
|
||||
Patch204: squid-3.2.0.9-fpic.patch
|
||||
Patch205: squid-3.1.9-ltdl.patch
|
||||
Patch206: active-ftp.patch
|
||||
Patch207: squid-SNMP.patch
|
||||
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Requires: bash >= 2.0
|
||||
@ -85,7 +86,6 @@ lookup program (dnsserver), a program for retrieving FTP data
|
||||
# Upstream patches
|
||||
|
||||
# Backported patches
|
||||
#patch101 -p1 -b .mem_node
|
||||
|
||||
# Local patches
|
||||
%patch201 -p1 -b .config
|
||||
@ -94,6 +94,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
||||
%patch204 -p1 -b .fpic
|
||||
%patch205 -p1 -b .ltdl
|
||||
%patch206 -p1 -b .active-ftp
|
||||
%patch207 -p1 -b .SNMP
|
||||
|
||||
%build
|
||||
%ifarch sparcv9 sparc64 s390 s390x
|
||||
@ -290,6 +291,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Sep 11 2014 Michal Luscon <mluscon@redhat.com> - 7:3.4.7-2
|
||||
- Fixed: CVE-2014-6270
|
||||
|
||||
* Thu Aug 28 2014 Michal Luscon <mluscon@redhat.com> - 7:3.4.7-1
|
||||
- Update to latest upstream version
|
||||
- Fixed: CVE-2014-3609
|
||||
|