rpms/net-snmp/F-8 net-snmp-5.4.1-hmac-check.patch, NONE, 1.1 net-snmp-5.4.1-perl-snprintf.patch, NONE, 1.1 net-snmp.spec, 1.135, 1.136
Jan Šafránek (jsafrane)
fedora-extras-commits at redhat.com
Tue Jun 10 06:04:33 UTC 2008
- Previous message (by thread): rpms/net-snmp/F-9 net-snmp-5.4.1-hmac-check.patch, NONE, 1.1 net-snmp-5.4.1-perl-snprintf.patch, NONE, 1.1 net-snmp.spec, 1.149, 1.150
- Next message (by thread): rpms/perl-Class-Inspector/F-9 .cvsignore, 1.9, 1.10 perl-Class-Inspector.spec, 1.18, 1.19 sources, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jsafrane
Update of /cvs/pkgs/rpms/net-snmp/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9107
Modified Files:
net-snmp.spec
Added Files:
net-snmp-5.4.1-hmac-check.patch
net-snmp-5.4.1-perl-snprintf.patch
Log Message:
fix various flaws (CVE-2008-2292 CVE-2008-0960)
net-snmp-5.4.1-hmac-check.patch:
--- NEW FILE net-snmp-5.4.1-hmac-check.patch ---
447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
Reviewed-by: Jan Safranek <jsafrane at redhat.com>
diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
--- net-snmp-5.0.9/snmplib/scapi.c.orig 2008-06-04 10:19:26.000000000 +0200
+++ net-snmp-5.0.9/snmplib/scapi.c 2008-06-04 10:20:45.000000000 +0200
@@ -460,6 +460,9 @@ sc_check_keyed_hash(const oid * authtype
QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
}
+ if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
+ QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
+ }
/*
* Generate a full hash of the message, then compare
net-snmp-5.4.1-perl-snprintf.patch:
--- NEW FILE net-snmp-5.4.1-perl-snprintf.patch ---
447262: CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&sortby=date&revision=16770
Reviewed-By: Jan Safranek <jsafrane at redhat.com>
--- branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/21 23:19:29 16769
+++ branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/22 19:22:44 16770
@@ -470,14 +470,16 @@
if (flag == USE_ENUMS) {
for(ep = tp->enums; ep; ep = ep->next) {
if (ep->value == *var->val.integer) {
- strcpy(buf, ep->label);
+ strncpy(buf, ep->label, buf_len);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
break;
}
}
}
if (!len) {
- sprintf(buf,"%ld", *var->val.integer);
+ snprintf(buf, buf_len, "%ld", *var->val.integer);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
}
break;
@@ -486,21 +488,25 @@
case ASN_COUNTER:
case ASN_TIMETICKS:
case ASN_UINTEGER:
- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
+ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
break;
case ASN_OCTET_STR:
case ASN_OPAQUE:
- memcpy(buf, (char*)var->val.string, var->val_len);
len = var->val_len;
+ if ( len > buf_len )
+ len = buf_len;
+ memcpy(buf, (char*)var->val.string, len);
break;
case ASN_IPADDRESS:
- ip = (u_char*)var->val.string;
- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
- len = strlen(buf);
- break;
+ ip = (u_char*)var->val.string;
+ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ break;
case ASN_NULL:
break;
@@ -512,14 +518,14 @@
break;
case SNMP_ENDOFMIBVIEW:
- sprintf(buf,"%s", "ENDOFMIBVIEW");
- break;
+ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
+ break;
case SNMP_NOSUCHOBJECT:
- sprintf(buf,"%s", "NOSUCHOBJECT");
- break;
+ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
+ break;
case SNMP_NOSUCHINSTANCE:
- sprintf(buf,"%s", "NOSUCHINSTANCE");
- break;
+ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
+ break;
case ASN_COUNTER64:
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
@@ -538,19 +544,19 @@
#endif
case ASN_BIT_STR:
- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
+ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
len = strlen(buf);
break;
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case ASN_OPAQUE_FLOAT:
- if (var->val.floatVal)
- sprintf(buf,"%f", *var->val.floatVal);
- break;
+ if (var->val.floatVal)
+ snprintf(buf, buf_len, "%f", *var->val.floatVal);
+ break;
case ASN_OPAQUE_DOUBLE:
- if (var->val.doubleVal)
- sprintf(buf,"%f", *var->val.doubleVal);
- break;
+ if (var->val.doubleVal)
+ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
+ break;
#endif
case ASN_NSAP:
Index: net-snmp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/net-snmp/F-8/net-snmp.spec,v
retrieving revision 1.135
retrieving revision 1.136
diff -u -r1.135 -r1.136
--- net-snmp.spec 14 Feb 2008 11:48:56 -0000 1.135
+++ net-snmp.spec 10 Jun 2008 06:03:51 -0000 1.136
@@ -7,7 +7,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: %{major_ver}
-Release: 6%{?dist}
+Release: 7%{?dist}
Epoch: 1
License: BSD and CMU
@@ -38,6 +38,9 @@
Patch14: net-snmp-5.4-exec-crash.patch
Patch15: net-snmp-5.1.2-snmpconf-selinux.patch
Patch16: net-snmp-5.4.1-xen-crash.patch
+Patch17: net-snmp-5.4.1-hmac-check.patch
+Patch18: net-snmp-5.4.1-perl-snprintf.patch
+
Requires(pre): /sbin/chkconfig
Requires(post): /sbin/chkconfig
@@ -151,6 +154,8 @@
%patch14 -p1 -b .exec
%patch15 -p1 -b .selinux
%patch16 -p0 -b .xen-crash
+%patch17 -p1 -b .hmac-check
+%patch18 -p3 -b .perl-snprintf
# Do this patch with a perl hack...
perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@@ -360,6 +365,9 @@
%{_libdir}/lib*.so.*
%changelog
+* Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-7
+- fix various flaws (CVE-2008-2292 CVE-2008-0960)
+
* Thu Feb 14 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-6
- fixing ipNetToMediaNetAddress to show IP address (#432780)
- Previous message (by thread): rpms/net-snmp/F-9 net-snmp-5.4.1-hmac-check.patch, NONE, 1.1 net-snmp-5.4.1-perl-snprintf.patch, NONE, 1.1 net-snmp.spec, 1.149, 1.150
- Next message (by thread): rpms/perl-Class-Inspector/F-9 .cvsignore, 1.9, 1.10 perl-Class-Inspector.spec, 1.18, 1.19 sources, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list