author | Leo <thinkabit.ukim@gmail.com> | 2019-10-24 23:50:22 -0300 |
---|---|---|
committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-10-28 20:59:13 +0000 |
commit | c6bb37d9b3b97ad919485aa1bdc99206d3f41a5b (patch) | |
tree | d28de8da2eea7cec633b34d526da78e16998bbfd | |
parent | bac59df7da74c2932027eda4e6ae0f0d29a54746 (diff) |
main/nmap: fix CVE-2018-15173 and CVE-2017-18594
ref #10899
Closes !814
-rw-r--r-- | main/nmap/APKBUILD | 16 | ||||
-rw-r--r-- | main/nmap/CVE-2017-18594.patch | 30 | ||||
-rw-r--r-- | main/nmap/CVE-2018-15173.patch | 34 |
3 files changed, 77 insertions, 3 deletions
diff --git a/main/nmap/APKBUILD b/main/nmap/APKBUILD
index 5254d983ed4..3bf70046291 100644
--- a/main/nmap/APKBUILD
+++ b/main/nmap/APKBUILD
@@ -1,7 +1,7 @@ # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> pkgname=nmap pkgver=7.60 -pkgrel=2 +pkgrel=3 pkgdesc="A network exploration tool and security/port scanner" url="http://nmap.org" arch="all"
@@ -16,9 +16,17 @@ subpackages=" $pkgname-nping $pkgname-ncat" source="http://nmap.org/dist/$pkgname-$pkgver.tar.bz2 - fortify-source.patch" + fortify-source.patch + CVE-2017-18594.patch + CVE-2018-15173.patch + " builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 7.60-r3: +# - CVE-2017-18594 +# - CVE-2018-15173 + prepare() { default_prepare update_config_sub
@@ -83,4 +91,6 @@ nping() { } sha512sums="74ba8f6de026ade9ee6bb2252bee18a57210f8207977df7f1c04556629dcdc1e6127f33febc8a52ef88a1dac876116d590564dee4f1c23798c3ac37529991aa4 nmap-7.60.tar.bz2 -2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch" +2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch +a3edb3dc75d4dfa20ebed17b97044f1024b1a9d58145bfc31f3e8bd9d299f047aae47c146866fdfa62fab18383f60dd1ae41091adda0ff7db4a017756886d97d CVE-2017-18594.patch +9e439f09e9499a5664aa376273c84cdfc12f9c6854ed218e63c1a48fb76e5a63a8410bc946c4f2dbcb47784161bb75b0c7f45706b83845ec6f612790382bb4e2 CVE-2018-15173.patch"
diff --git a/main/nmap/CVE-2017-18594.patch b/main/nmap/CVE-2017-18594.patch
new file mode 100644
index 00000000000..d6cbce77e7c
--- /dev/null
+++ b/main/nmap/CVE-2017-18594.patch
@@ -0,0 +1,30 @@
+diff --git a/nse_libssh2.cc b/nse_libssh2.cc
+index bf721b6..22f5bbf 100644
+--- a/nse_libssh2.cc
++++ b/nse_libssh2.cc
+@@ -13,7 +13,6 @@ extern "C" {
+ #include "libssh2.h"
+ }
+
+-#include "nse_debug.h"
+ #include "nse_nsock.h"
+ #include "nse_utility.h"
+
+@@ -296,6 +295,7 @@ static int do_session_handshake (lua_State *L, int status, lua_KContext ctx) {
+
+ if (rc) {
+ libssh2_session_free(sshu->session);
++ sshu->session = NULL;
+ return luaL_error(L, "Unable to complete libssh2 handshake.");
+ }
+
+@@ -479,7 +479,7 @@ static int userauth_list (lua_State *L, int status, lua_KContext ctx) {
+ }
+
+ /*
+-* Returns list of supported authenication methods
++* Returns list of supported authentication methods
+ */
+ static int l_userauth_list (lua_State *L) {
+ return userauth_list(L, 0, 0);
+
diff --git a/main/nmap/CVE-2018-15173.patch b/main/nmap/CVE-2018-15173.patch
new file mode 100644
index 00000000000..4b066dbd97c
--- /dev/null
+++ b/main/nmap/CVE-2018-15173.patch
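Review bot: The added `sshu->session = NULL;` in do_session_handshake clears the freed pointer on this one error path only, so any other place in nse_libssh2.cc that calls `libssh2_session_free(sshu->session)` and leaves the userdata reachable would need the same reset; those sites are outside the hunk and should be checked against the full file. A short comment on the new line would stop it being removed as redundant, for example `/* cleared so later cleanup of sshu cannot free the session a second time */` (the cleanup path itself is not visible here, so confirm the wording). The patch also bundles two unrelated edits, the dropped `nse_debug.h` include and a comment typo, and the patch file has no header naming the upstream commit it was taken from; adding that reference at the top would make the backport auditable.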
@@ -0,0 +1,34 @@
+diff --git a/service_scan.cc b/service_scan.cc
+index 1273513..0a431d6 100644
+--- a/service_scan.cc
++++ b/service_scan.cc
+@@ -489,6 +489,15 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
+ if (pcre_errptr != NULL)
+ fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
+
++ // Set some limits to avoid evil match cases.
++ // These are flexible; if they cause problems, increase them.
++#ifdef PCRE_ERROR_MATCHLIMIT
++ regex_extra->match_limit = 100000; // 100K
++#endif
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ regex_extra->match_limit_recursion = 10000; // 10K
++#endif
++
+ free(modestr);
+ free(flags);
+
+@@ -568,6 +577,12 @@ const struct MatchDetails *ServiceProbeMatch::testMatch(const u8 *buf, int bufle
+ if (o.debugging || o.verbose > 1)
+ error("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
+ } else
++#endif // PCRE_ERROR_MATCHLIMIT
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ if (rc == PCRE_ERROR_RECURSIONLIMIT) {
++ if (o.debugging || o.verbose > 1)
++ error("Warning: Hit PCRE_ERROR_RECURSIONLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
++ } else
+ #endif // PCRE_ERROR_MATCHLIMIT
+ if (rc != PCRE_ERROR_NOMATCH) {
+ fatal("Unexpected PCRE error (%d) when probing for service %s with the regex '%s'", rc, servicename, matchstr);
+ |
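Review bot: The two limits assigned in InitMatch are honoured by PCRE only when the matching bits are set in the `pcre_extra` `flags` field, and nothing visible in the hunk sets them. Unless that happens outside the hunk, add `regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT;` and `regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;` beside the respective assignments, otherwise the CVE-2018-15173 mitigation may not actually bound the match. `regex_extra` is also dereferenced with no NULL check in view; if it holds the pcre_study() result (assigned above the hunk), that call can return NULL without an error, so that case needs handling before the writes. In testMatch the surviving context line `#endif // PCRE_ERROR_MATCHLIMIT` now closes the RECURSIONLIMIT block, so its trailing comment should read `// PCRE_ERROR_RECURSIONLIMIT`.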