CVE-2015-8704 Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
[YOCTO 8966] References: https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704 Signed-off-by: Derek Straka <de...@asterius.io> --- .../bind/bind/CVE-2015-8704.patch | 38 ++++++++++++++++++++++ meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch new file mode 100644 index 0000000..e05327e --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8704.patch @@ -0,0 +1,38 @@ +a buffer size check can cause denial of service under certain circumstances + +[security] +The following flaw in BIND was reported by ISC: + +A buffer size check used to guard against overflow could cause named to exit with an INSIST failure In apl_42.c. + +A server could exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. + +Upstream-Status: Backport +CVE: CVE-2015-8704 + +[The patch is taken from BIND 9.9.8: +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8704] + +Signed-off-by: Derek Straka <de...@asterius.io> +diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c +index bedd38e..28eb7f2 100644 +--- a/lib/dns/rdata/in_1/apl_42.c ++++ b/lib/dns/rdata/in_1/apl_42.c +@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_uint8_t len; + isc_boolean_t neg; + unsigned char buf[16]; +- char txt[sizeof(" !64000")]; ++ char txt[sizeof(" !64000:")]; + const char *sep = ""; + int n; + +@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_region_consume(&sr, 1); + INSIST(len <= sr.length); + n = snprintf(txt, sizeof(txt), "%s%s%u:", sep, +- neg ? "!": "", afi); ++ neg ? "!" : "", afi); + INSIST(n < (int)sizeof(txt)); + RETERR(str_totext(txt, target)); + switch (afi) { diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb index 79b0397..e367172 100644 --- a/meta/recipes-connectivity/bind/bind_9.9.5.bb +++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb @@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://CVE-2015-4620.patch \ file://CVE-2015-5722.patch \ file://CVE-2015-8000.patch \ + file://CVE-2015-8704.patch \ " SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e" -- 1.9.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
