From: Roy Li <[email protected]> This fixed the CVE-2015-4047: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
Signed-off-by: Roy Li <[email protected]> Signed-off-by: Martin Jansa <[email protected]> Signed-off-by: Joe MacDonald <[email protected]> Signed-off-by: Armin Kuster <[email protected]> Conflicts: meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb --- .../ipsec-tools/fix-CVE-2015-4047.patch | 36 ++++++++++++++++++++++ .../ipsec-tools/ipsec-tools_0.8.2.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch new file mode 100644 index 0000000..5286376 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch @@ -0,0 +1,36 @@ +[PATCH] fix CVE-2015-4047 + +Upstream-Status: Backport + +http://www.openwall.com/lists/oss-security/2015/05/20/1 + +racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause +a denial of service (NULL pointer dereference and IKE daemon crash) via +a series of crafted UDP requests. + +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047 + +Signed-off-by: Roy Li <[email protected]> +--- + src/racoon/gssapi.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c +index e64b201..1ad3b42 100644 +--- a/src/racoon/gssapi.c ++++ b/src/racoon/gssapi.c +@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1) + gss_name_t princ, canon_princ; + OM_uint32 maj_stat, min_stat; + ++ if (iph1->rmconf == NULL) { ++ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n"); ++ return -1; ++ } ++ + gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state)); + if (gps == NULL) { + plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n"); +-- +1.9.1 + diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb index 8cc55ef..c526820 100644 --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb @@ -15,6 +15,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV file://racoon-check-invalid-ivm.patch \ file://glibc-2.20.patch \ file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \ + file://fix-CVE-2015-4047.patch \ " SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41" SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d" -- 1.9.1 -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
