Closes: #960458 --- .../0006-security-Fix-for-CVE-2020-1763.patch | 28 +++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 29 insertions(+) create mode 100644 debian/patches/0006-security-Fix-for-CVE-2020-1763.patch
diff --git a/debian/patches/0006-security-Fix-for-CVE-2020-1763.patch b/debian/patches/0006-security-Fix-for-CVE-2020-1763.patch new file mode 100644 index 000000000000..b689161b4500 --- /dev/null +++ b/debian/patches/0006-security-Fix-for-CVE-2020-1763.patch @@ -0,0 +1,28 @@ +From: "D. Hugh Redelmeier" <h...@mimosa.com> +Date: Thu, 19 Mar 2020 14:21:06 -0400 +Subject: security: Fix for CVE-2020-1763 +Origin: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 +Bug-Debian: https://bugs.debian.org/960458 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-1763 + +pluto will crash on a null pointer dereference when trying to log an error +for an IKEv1 packet containing bogus information and/or flags. + +Signed-off-by: Paul Wouters <pwout...@redhat.com> +[Salvatore Bonaccorso: Backport to 3.29 based on +https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt advisory] +--- + programs/pluto/ikev1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/programs/pluto/ikev1.c ++++ b/programs/pluto/ikev1.c +@@ -2160,7 +2160,7 @@ void process_packet_tail(struct msg_dige + "%smessage ignored because it contains a payload type (%s) unexpected by state %s", + excuse, + enum_show(&ikev1_payload_names, np), +- st->st_state_name); ++ (st == NULL) ? "<no state>" : st->st_state_name); + if (!md->encrypted) { + SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE); + } diff --git a/debian/patches/series b/debian/patches/series index 223f63a60df1..34c732b58e44 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ 0003-update-README.nss-to-match-debian-defaults-for-IPSEC.patch 0004-move-to-python3-scripts-are-compatible.patch 0005-minor-Fix-spelling-and-grammar.patch +0006-security-Fix-for-CVE-2020-1763.patch -- 2.20.1