aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2021-04-06 16:32:23 +0200
committerLeo <thinkabit.ukim@gmail.com>2021-04-06 21:58:08 +0000
commitd89d1a231c44f0771aeae4b6a19cc690611fc9b7 (patch)
tree3187bade0865765443d1b863153bc98556d6fd20
parentcf8754e1bd78cd89245efa5e1a6f3d71911da86c (diff)
downloadaports-d89d1a231c44f0771aeae4b6a19cc690611fc9b7.tar.gz
aports-d89d1a231c44f0771aeae4b6a19cc690611fc9b7.tar.bz2
aports-d89d1a231c44f0771aeae4b6a19cc690611fc9b7.tar.xz
main/bind: patch CVE-2020-8625
-rw-r--r--main/bind/APKBUILD6
-rw-r--r--main/bind/CVE-2020-8625.patch45
2 files changed, 50 insertions, 1 deletions
diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD
index 24a0d11495..2ab5fcb3fd 100644
--- a/main/bind/APKBUILD
+++ b/main/bind/APKBUILD
@@ -10,7 +10,7 @@ _ver=${pkgver%_p*}
_p=${pkgver#*_p}
_major=${pkgver%%.*}
[ "$_p" != "$pkgver" ] && _ver="$_ver-P$_p"
-pkgrel=1
+pkgrel=2
pkgdesc="The ISC DNS server"
url="https://www.isc.org/"
arch="all"
@@ -49,6 +49,7 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc
"
source="
https://downloads.isc.org/isc/bind$_major/$_ver/bind-$_ver.tar.xz
+ CVE-2020-8625.patch
bind.plugindir.patch
bind.so_bsdcompat.patch
named.initd
@@ -60,6 +61,8 @@ source="
"
# secfixes:
+# 9.16.11-r2:
+# - CVE-2020-8625
# 9.16.6-r0:
# - CVE-2020-8620
# - CVE-2020-8621
@@ -255,6 +258,7 @@ _gpgfingerprints="
"
sha512sums="5ed632df7c74f5e6693db9b378450ea3073b8002e9924df1d0465f8b8edb933df3a853d3965a290a0477a67ca2bfa79f679d7e344db08a65462860c58d04dc1b bind-9.16.11.tar.xz
+ca726f08e0ad939dd78fae9a6e30c0f2dfab0ce9a4ec0da79570820fe05481c705d51791952ad258fde3446f5f11217459aa2e09f025c5cd264c3c0fed4f2a7f CVE-2020-8625.patch
2b32d1e7f62cd1e01bb4fdd92d15460bc14761b933d5acc463a91f5ecd4773d7477c757c5dd2738e8e433693592cf3f623ffc142241861c91848f01aa84640d6 bind.plugindir.patch
7167dccdb2833643dfdb92994373d2cc087e52ba23b51bd68bd322ff9aca6744f01fa9d8a4b9cd8c4ce471755a85c03ec956ec0d8a1d4fae02124ddbed6841f6 bind.so_bsdcompat.patch
53db80f7ee4902f42fb1d0bc959242bcb6f20d95256bda99ce2c206af8b4703c7f72bb26d026c633f70451b84a37c3946b210951e34dd5d6620b181cd0183de4 named.initd
diff --git a/main/bind/CVE-2020-8625.patch b/main/bind/CVE-2020-8625.patch
new file mode 100644
index 0000000000..143b6b3841
--- /dev/null
+++ b/main/bind/CVE-2020-8625.patch
@@ -0,0 +1,45 @@
+From b04cb88462863d762093760ffcfe1946200e30f5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
+Date: Thu, 7 Jan 2021 10:44:46 +0100
+Subject: [PATCH] Fix off-by-one bug in ISC SPNEGO implementation
+
+The ISC SPNEGO implementation is based on mod_auth_kerb code. When
+CVE-2006-5989 was disclosed, the relevant fix was not applied to the
+BIND 9 codebase, making the latter vulnerable to the aforementioned flaw
+when "tkey-gssapi-keytab" or "tkey-gssapi-credential" is set in
+named.conf.
+
+The original description of CVE-2006-5989 was:
+
+ Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
+ allows remote attackers to cause a denial of service (crash) via a
+ crafted Kerberos message that triggers a heap-based buffer overflow
+ in the component array.
+
+Later research revealed that this flaw also theoretically enables remote
+code execution, though achieving the latter in real-world conditions is
+currently deemed very difficult.
+
+This vulnerability was responsibly reported as ZDI-CAN-12302 ("ISC BIND
+TKEY Query Heap-based Buffer Overflow Remote Code Execution
+Vulnerability") by Trend Micro Zero Day Initiative.
+---
+ lib/dns/spnego.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
+index e61d1c600f..753dc8049f 100644
+--- a/lib/dns/spnego.c
++++ b/lib/dns/spnego.c
+@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
+ return (ASN1_OVERRUN);
+ }
+
+- data->components = malloc(len * sizeof(*data->components));
++ data->components = malloc((len + 1) * sizeof(*data->components));
+ if (data->components == NULL) {
+ return (ENOMEM);
+ }
+--
+GitLab
+