* Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2

- Applied patch for CVE-2011-1922 DoS vulnerability
This commit is contained in:
Paul Wouters 2011-05-25 15:18:44 -04:00
parent 1eeebaf90f
commit e74f680c47
2 changed files with 17 additions and 1 deletions

View File

@ -0,0 +1,11 @@
diff -Naur unbound-1.4.9/daemon/worker.c unbound-1.4.9-CVE-2011-1922/daemon/worker.c
--- unbound-1.4.9/daemon/worker.c 2010-11-04 08:35:39.000000000 -0400
+++ unbound-1.4.9-CVE-2011-1922/daemon/worker.c 2011-05-25 15:14:04.888288236 -0400
@@ -777,6 +777,7 @@
qinfo.qtype == LDNS_RR_TYPE_IXFR) {
verbose(VERB_ALGO, "worker request: refused zone transfer.");
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
+ ldns_buffer_rewind(c->buffer);
LDNS_QR_SET(ldns_buffer_begin(c->buffer));
LDNS_RCODE_SET(ldns_buffer_begin(c->buffer),
LDNS_RCODE_REFUSED);

View File

@ -9,7 +9,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
Version: 1.4.9
Release: 1%{?dist}
Release: 2%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@ -20,6 +20,7 @@ Source4: unbound_munin_
Source5: root.key
Source6: dlv.isc.org.key
Patch1: unbound-1.2-glob.patch
Patch2: unbound-CVE-2011-1922.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -93,6 +94,7 @@ Python modules and extensions for unbound
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
%configure --with-ldns= --with-libevent --with-pthreads --with-ssl \
@ -199,6 +201,9 @@ fi
%postun libs -p /sbin/ldconfig
%changelog
* Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2
- Applied patch for CVE-2011-1922 DoS vulnerability
* Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-1
- Updated to 1.4.9