Source: https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d MR: 122537 Type: Security Fix Disposition: Backport from https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d ChangeID: f93f9a7755124934083d77cf9334fffb32a0c220 Description: CVE-2022-38178 bind: Free ctx on invalid siglen
Signed-off-by: Vivek Kumbhar <[email protected]>
---
.../bind/bind/0001-CVE-2022-38178.patch | 28 +++++++++++++++++++
.../recipes-connectivity/bind/bind_9.11.22.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644 meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch
diff --git a/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch
new file mode 100644
index 0000000000..bf48dd69a1
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch
@@ -0,0 +1,28 @@
+From cedf585da4809d1bde70cfe800d0f15e3cdccb58 Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar <[email protected]>
+Date: Sun, 9 Oct 2022 19:54:32 +0530
+Subject: [PATCH] CVE-2022-38178
+
+Upstream-Status: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec
+CVE: CVE-2022-38178
+Signed-off-by: Vivek Kumbhar <[email protected]>
+---
+ lib/dns/openssleddsa_link.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c
+index 76c7737..295f08e 100644
+--- a/lib/dns/openssleddsa_link.c
++++ b/lib/dns/openssleddsa_link.c
+@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
+ siglen = DNS_SIG_ED448SIZE;
+
+ if (sig->length != siglen)
+- return (DST_R_VERIFYFAILURE);
++ DST_RET(DST_R_VERIFYFAILURE);
+
+ isc_buffer_usedregion(buf, &tbsreg);
+
+--
+2.25.1
+
diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.22.bb
index 3b4a299b36..b075d01e2b 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.22.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb
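Review bot: The embedded patch header gives `Upstream-Status:` as a bare URL pointing at upstream commit 7c0028cfad2a…, while the commit message names 1af23378ebb1… as the backport source. The two references should be reconciled so the fix can be checked against a single upstream commit, and the tag written in the usual form, e.g. `Upstream-Status: Backport [<upstream commit URL>]`. The code change itself swaps a direct `return` on the `sig->length != siglen` check for `DST_RET(DST_R_VERIFYFAILURE)`, which presumably routes through the function's cleanup path. `openssleddsa_verify` starts and ends outside the hunk, so that cleanup label and the `ctx` release the description promises are not visible here and are worth confirming against the 9.11.22 source.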
@@ -18,6 +18,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ file://0001-avoid-start-failure-with-bind-user.patch \ + file://0001-CVE-2022-38178.patch \ " SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9" -- 2.25.1
