Accepting request 655854 from home:pmonrealgonzalez:branches:network:utilities
- Security fix [bsc#1117267, CVE-2018-19519] * Buffer overread in print-hncp.c:print_prefix. * Added patch tcpdump-CVE-2018-19519.patch OBS-URL: https://build.opensuse.org/request/show/655854 OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=45
This commit is contained in:
parent
1ee961a873
commit
67d1704457
23
tcpdump-CVE-2018-19519.patch
Normal file
23
tcpdump-CVE-2018-19519.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From 32af00b05a6ef573d0b340f97b54c13eb9509dc7 Mon Sep 17 00:00:00 2001
|
||||
From: Pedro Monreal <pmgdeb@gmail.com>
|
||||
Date: Thu, 6 Dec 2018 12:18:38 +0100
|
||||
Subject: [PATCH] CVE-2018-19519 buffer overread. Initialize buf in
|
||||
print-hncp.c:print_prefix.
|
||||
|
||||
---
|
||||
print-hncp.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
Index: tcpdump-4.9.2/print-hncp.c
|
||||
===================================================================
|
||||
--- tcpdump-4.9.2.orig/print-hncp.c
|
||||
+++ tcpdump-4.9.2/print-hncp.c
|
||||
@@ -206,6 +206,8 @@ print_prefix(netdissect_options *ndo, co
|
||||
int plenbytes;
|
||||
char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")];
|
||||
|
||||
+ buf[0] = '\0';
|
||||
+
|
||||
if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 &&
|
||||
is_ipv4_mapped_address(&prefix[1])) {
|
||||
struct in_addr addr;
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 6 11:49:16 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
- Security fix [bsc#1117267, CVE-2018-19519]
|
||||
* Buffer overread in print-hncp.c:print_prefix.
|
||||
* Added patch tcpdump-CVE-2018-19519.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 12 15:23:04 UTC 2017 - pmonrealgonzalez@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package tcpdump
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -30,6 +30,8 @@ Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig
|
||||
Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
|
||||
# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2.patch - disabled failing test
|
||||
Patch0: tcpdump-ikev2pI2.patch
|
||||
# PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix
|
||||
Patch1: tcpdump-CVE-2018-19519.patch
|
||||
BuildRequires: libpcap-devel >= %{min_libpcap_version}
|
||||
BuildRequires: libsmi-devel
|
||||
BuildRequires: openssl-devel
|
||||
@ -43,6 +45,7 @@ ethernet. It can be used to debug specific network problems.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing"
|
||||
|
Loading…
Reference in New Issue
Block a user