authorLeo <thinkabit.ukim@gmail.com>2019-10-24 23:44:42 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-28 20:59:23 +0000
commitddbe1950281feebd3fb30c7057104c724577c6a8 (patch)
treed936a49d08ef96983cc73ac1af0421ad3df86390
parent371e976514cfea6e878f60b34c6364fdd04ceccd (diff)
main/nmap: fix CVE-2018-15173 and CVE-2017-18594
ref #10899 Closes !813
-rw-r--r--main/nmap/APKBUILD16
-rw-r--r--main/nmap/CVE-2017-18594.patch30
-rw-r--r--main/nmap/CVE-2018-15173.patch34
3 files changed, 77 insertions, 3 deletions
diff --git a/main/nmap/APKBUILD b/main/nmap/APKBUILD
index 82876074d89..41ab3ae86fa 100644
--- a/main/nmap/APKBUILD
+++ b/main/nmap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=nmap
pkgver=7.70
-pkgrel=1
+pkgrel=2
pkgdesc="A network exploration tool and security/port scanner"
url="http://nmap.org"
arch="all"
@@ -16,9 +16,17 @@ subpackages="
$pkgname-nping
$pkgname-ncat"
source="http://nmap.org/dist/$pkgname-$pkgver.tar.bz2
- fortify-source.patch"
+ fortify-source.patch
+ CVE-2017-18594.patch
+ CVE-2018-15173.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 7.70-r2:
+# - CVE-2017-18594
+# - CVE-2018-15173
+
prepare() {
default_prepare
update_config_sub
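Review bot: The `source=` line this hunk extends still fetches the tarball over plain `http://nmap.org/dist/...`; the sha512 pin further down guards integrity, so the exposure is availability and privacy rather than tampering, but nmap.org also serves TLS, so switching to `source="https://nmap.org/dist/$pkgname-$pkgver.tar.bz2` while the line is being touched would be a cheap hardening. The new `# secfixes:` block is the right place for these two CVEs and its version key matches the bumped pkgrel; the nested-key indentation is not preserved in this rendering, so it is worth confirming it follows the layout the Alpine secdb tooling parses. The prepare() function continues outside the hunk.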
@@ -83,4 +91,6 @@ nping() {
}
sha512sums="084c148b022ff6550e269d976d0077f7932a10e2ef218236fe13aa3a70b4eb6506df03329868fc68cb3ce78e4360b200f5a7a491d3145028fed679ef1c9ecae5 nmap-7.70.tar.bz2
-2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch"
+2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch
+a3edb3dc75d4dfa20ebed17b97044f1024b1a9d58145bfc31f3e8bd9d299f047aae47c146866fdfa62fab18383f60dd1ae41091adda0ff7db4a017756886d97d CVE-2017-18594.patch
+819b194f533300e05e87efe05bcf8d6964d3fff29c1e9aa8fd2202eddf419733e8cda9984f505ef675a94edc2172d0485f5f5c933e6a1f7759277cc01b52406a CVE-2018-15173.patch"
diff --git a/main/nmap/CVE-2017-18594.patch b/main/nmap/CVE-2017-18594.patch
new file mode 100644
index 00000000000..d6cbce77e7c
--- /dev/null
+++ b/main/nmap/CVE-2017-18594.patch
@@ -0,0 +1,30 @@
+diff --git a/nse_libssh2.cc b/nse_libssh2.cc
+index bf721b6..22f5bbf 100644
+--- a/nse_libssh2.cc
++++ b/nse_libssh2.cc
+@@ -13,7 +13,6 @@ extern "C" {
+ #include "libssh2.h"
+ }
+
+-#include "nse_debug.h"
+ #include "nse_nsock.h"
+ #include "nse_utility.h"
+
+@@ -296,6 +295,7 @@ static int do_session_handshake (lua_State *L, int status, lua_KContext ctx) {
+
+ if (rc) {
+ libssh2_session_free(sshu->session);
++ sshu->session = NULL;
+ return luaL_error(L, "Unable to complete libssh2 handshake.");
+ }
+
+@@ -479,7 +479,7 @@ static int userauth_list (lua_State *L, int status, lua_KContext ctx) {
+ }
+
+ /*
+-* Returns list of supported authenication methods
++* Returns list of supported authentication methods
+ */
+ static int l_userauth_list (lua_State *L) {
+ return userauth_list(L, 0, 0);
+
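Review bot: Setting `sshu->session = NULL;` after `libssh2_session_free()` only closes the double-free if every later consumer of `sshu->session` — in particular the userdata finalizer that presumably also frees the session — checks for NULL first; that finalizer is outside this patch, so confirm it does, otherwise the freed pointer is simply replaced by a NULL one passed to `libssh2_session_free()`. The removal of `#include "nse_debug.h"` and the `authenication` spelling fix are unrelated to CVE-2017-18594; carrying them in a security backport is harmless if the file has no other use of `nse_debug.h` (not visible here), but a header comment in the patch such as `# upstream commit also drops an unused include and fixes a typo; kept verbatim for easier rebasing` would make that intent clear to the next maintainer. The enclosing do_session_handshake() body starts and ends outside the hunk.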
diff --git a/main/nmap/CVE-2018-15173.patch b/main/nmap/CVE-2018-15173.patch
new file mode 100644
index 00000000000..b9620c4ca43
--- /dev/null
+++ b/main/nmap/CVE-2018-15173.patch
@@ -0,0 +1,34 @@
+diff --git a/service_scan.cc b/service_scan.cc
+index 9780ae3..ec8d48d 100644
+--- a/service_scan.cc
++++ b/service_scan.cc
+@@ -489,6 +489,15 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
+ if (pcre_errptr != NULL)
+ fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
+
++ // Set some limits to avoid evil match cases.
++ // These are flexible; if they cause problems, increase them.
++#ifdef PCRE_ERROR_MATCHLIMIT
++ regex_extra->match_limit = 100000; // 100K
++#endif
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ regex_extra->match_limit_recursion = 10000; // 10K
++#endif
++
+ free(modestr);
+ free(flags);
+
+@@ -568,6 +577,12 @@ const struct MatchDetails *ServiceProbeMatch::testMatch(const u8 *buf, int bufle
+ if (o.debugging || o.verbose > 1)
+ error("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
+ } else
++#endif // PCRE_ERROR_MATCHLIMIT
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ if (rc == PCRE_ERROR_RECURSIONLIMIT) {
++ if (o.debugging || o.verbose > 1)
++ error("Warning: Hit PCRE_ERROR_RECURSIONLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
++ } else
+ #endif // PCRE_ERROR_MATCHLIMIT
+ if (rc != PCRE_ERROR_NOMATCH) {
+ fatal("Unexpected PCRE error (%d) when probing for service %s with the regex '%s'", rc, servicename, matchstr);
+
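Review bot: The new `match_limit_recursion` assignment in the `InitMatch` hunk only takes effect if `regex_extra->flags` has `PCRE_EXTRA_MATCH_LIMIT_RECURSION` set (and `PCRE_EXTRA_MATCH_LIMIT` for `match_limit`), and `pcre_study()` may return NULL when it has no study data to report; neither the flag bits nor a NULL guard is visible in the hunk, so unless the surrounding code (outside this view) already allocates a `pcre_extra` and sets those flags, the limits are silently ignored and the CVE-2018-15173 mitigation does nothing. Confirm that, or add `regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT | PCRE_EXTRA_MATCH_LIMIT_RECURSION;` after a NULL check on `regex_extra`. Separately, the trailing `#endif // PCRE_ERROR_MATCHLIMIT` in the `testMatch` hunk now closes the `PCRE_ERROR_RECURSIONLIMIT` block and should read `#endif // PCRE_ERROR_RECURSIONLIMIT`. Both enclosing functions start and end outside the hunks.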