Accepting request 717917 from home:pmonrealgonzalez:branches:network:utilities
- Security fix [bsc#1142439, CVE-2019-1010220] * Buffer Over-read in print_prefix which may expose data * Added tcpdump-CVE-2019-1010220.patch - Use %license macro for LICENSE file - Security fix [bsc#1068716, CVE-2017-16808] * Heap-based buffer over-read related to aoe_print and lookup_emem * Added tcpdump-CVE-2017-16808.patch OBS-URL: https://build.opensuse.org/request/show/717917 OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=47
This commit is contained in:
parent
67d1704457
commit
b8ec7e7489
26
tcpdump-CVE-2017-16808.patch
Normal file
26
tcpdump-CVE-2017-16808.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001
|
||||
From: Denis Ovsienko <denis@ovsienko.info>
|
||||
Date: Thu, 31 Aug 2017 21:15:37 +0100
|
||||
Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.
|
||||
|
||||
In aoev1_reserve_print() check bounds before trying to print an Ethernet
|
||||
address.
|
||||
|
||||
This fixes a buffer over-read discovered by Bhargava Shastry,
|
||||
SecT/TU Berlin.
|
||||
---
|
||||
print-aoe.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/print-aoe.c b/print-aoe.c
|
||||
index 97e93df2e..2c78a55d3 100644
|
||||
--- a/print-aoe.c
|
||||
+++ b/print-aoe.c
|
||||
@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
|
||||
goto invalid;
|
||||
/* addresses */
|
||||
for (i = 0; i < nmacs; i++) {
|
||||
+ ND_TCHECK2(*cp, ETHER_ADDR_LEN);
|
||||
ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
|
||||
cp += ETHER_ADDR_LEN;
|
||||
}
|
28
tcpdump-CVE-2019-1010220.patch
Normal file
28
tcpdump-CVE-2019-1010220.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 511915bef7e4de2f31b8d9f581b4a44b0cfbcf53 Mon Sep 17 00:00:00 2001
|
||||
From: Guy Harris <guy@alum.mit.edu>
|
||||
Date: Sat, 1 Jun 2019 14:42:09 -0700
|
||||
Subject: [PATCH] If decode_prefix6() returns a negative number, don't print
|
||||
buf.
|
||||
|
||||
If it returns a negative number, it hasn't necessarily filled in buf, so
|
||||
just return immediately; this is similar to the IPv4 code path, wherein
|
||||
we just return a negative number, and print nothing, on an error.
|
||||
|
||||
This should fix GitHub issue #763.
|
||||
---
|
||||
print-hncp.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
Index: tcpdump-4.9.2/print-hncp.c
|
||||
===================================================================
|
||||
--- tcpdump-4.9.2.orig/print-hncp.c
|
||||
+++ tcpdump-4.9.2/print-hncp.c
|
||||
@@ -231,6 +231,8 @@ print_prefix(netdissect_options *ndo, co
|
||||
plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
|
||||
} else {
|
||||
plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
|
||||
+ if (plenbytes < 0)
|
||||
+ return plenbytes;
|
||||
}
|
||||
|
||||
ND_PRINT((ndo, "%s", buf));
|
@ -1,3 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 23 11:45:46 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
- Security fix [bsc#1142439, CVE-2019-1010220]
|
||||
* Buffer Over-read in print_prefix which may expose data
|
||||
* Added tcpdump-CVE-2019-1010220.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 23 10:37:17 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
- Use %license macro for LICENSE file
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 23 10:24:31 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
- Security fix [bsc#1068716, CVE-2017-16808]
|
||||
* Heap-based buffer over-read related to aoe_print and lookup_emem
|
||||
* Added tcpdump-CVE-2017-16808.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 6 11:49:16 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
|
11
tcpdump.spec
11
tcpdump.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package tcpdump
|
||||
#
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -32,6 +32,10 @@ Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
|
||||
Patch0: tcpdump-ikev2pI2.patch
|
||||
# PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix
|
||||
Patch1: tcpdump-CVE-2018-19519.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1068716 CVE-2017-16808 Heap-based buffer over-read related to aoe_print and lookup_emem
|
||||
Patch2: tcpdump-CVE-2017-16808.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1142439 CVE-2019-1010220 Buffer Over-read in print_prefix
|
||||
Patch3: tcpdump-CVE-2019-1010220.patch
|
||||
BuildRequires: libpcap-devel >= %{min_libpcap_version}
|
||||
BuildRequires: libsmi-devel
|
||||
BuildRequires: openssl-devel
|
||||
@ -46,6 +50,8 @@ ethernet. It can be used to debug specific network problems.
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing"
|
||||
@ -65,7 +71,8 @@ make check %{?_smp_mflags}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc CHANGES CREDITS LICENSE README* *.awk
|
||||
%license LICENSE
|
||||
%doc CHANGES CREDITS README* *.awk
|
||||
%{_mandir}/man?/*
|
||||
%{_sbindir}/tcpdump
|
||||
%ifarch s390 s390x
|
||||
|
Loading…
Reference in New Issue
Block a user