[iputils/f13/master] * Thu Aug 05 2010 Jiri Skala <jskala at redhat.com> - 20071127-12 - fixes #617613 - CVE-2010-2529 iputi

Jiri Skala jskala at fedoraproject.org
Thu Aug 5 08:14:56 UTC 2010


commit f7c6b413b17b9194d693a6a6ce0b0ff56102c77f
Author: Jiri Skala <jskala at localhost.localdomain>
Date:   Thu Aug 5 10:14:50 2010 +0200

    * Thu Aug 05 2010 Jiri Skala <jskala at redhat.com> - 20071127-12
    - fixes #617613 - CVE-2010-2529 iputils: denial of service vulnerability in ping

 iputils-20071127-dos.patch |   21 +++++++++++++++++++++
 iputils.spec               |    7 ++++++-
 2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/iputils-20071127-dos.patch b/iputils-20071127-dos.patch
new file mode 100644
index 0000000..211aec3
--- /dev/null
+++ b/iputils-20071127-dos.patch
@@ -0,0 +1,21 @@
+diff -up iputils-s20100418/ping.c.dos iputils-s20100418/ping.c
+--- iputils-s20100418/ping.c.dos	2010-07-13 08:53:29.356694202 +0200
++++ iputils-s20100418/ping.c	2010-07-13 08:53:55.350694373 +0200
+@@ -1065,7 +1065,7 @@ void pr_options(unsigned char * cp, int 
+ 				i = j;
+ 			i -= IPOPT_MINOFF;
+ 			if (i <= 0)
+-				continue;
++				break;
+ 			if (i == old_rrlen
+ 			    && !strncmp((char *)cp, old_rr, i)
+ 			    && !(options & F_FLOOD)) {
+@@ -1102,7 +1102,7 @@ void pr_options(unsigned char * cp, int 
+ 				i = j;
+ 			i -= 5;
+ 			if (i <= 0)
+-				continue;
++				break;
+ 			flags = *++cp;
+ 			printf("\nTS: ");
+ 			cp++;
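Review bot: Both new `break` statements (inner hunks at `@@ -1065`, the `old_rr` record-route path, and `@@ -1102`, the path that prints `TS:`) stop the stall only if the code after the switch still steps past the current option. That part of pr_options lies outside both hunks, so it should be confirmed against the packaged tree. The embedded patch header names iputils-s20100418 while the spec builds Version 20071127, so please also verify that `%patch18 -p1 -b .dos` applies without fuzz and that each hunk lands in the intended case. Because a `break` inside a switch inside a loop is easy to misread, I would add a comment above each one such as `/* leave the switch only; the per-option advance after it must still run (CVE-2010-2529) */` so a later cleanup does not restore `continue`.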
diff --git a/iputils.spec b/iputils.spec
index 8ee363d..fbf5c71 100644
--- a/iputils.spec
+++ b/iputils.spec
@@ -1,7 +1,7 @@
 Summary: Network monitoring tools including ping
 Name: iputils
 Version: 20071127
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: BSD
 URL: http://www.skbuff.net/iputils
 Group: System Environment/Daemons
@@ -28,6 +28,7 @@ Patch14: iputils-20071127-typing_bug.patch
 Patch15: iputils-20071127-corr_type.patch
 Patch16: iputils-20071127-timeout.patch
 Patch17: iputils-20071127-flowlabel.patch
+Patch18: iputils-20071127-dos.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: docbook-utils perl-SGMLSpm
@@ -65,6 +66,7 @@ the target machine is alive and receiving network traffic.
 %patch15 -p1 -b .corr_type
 %patch16 -p1 -b .timeout
 %patch17 -p1 -b .flowlabel
+%patch18 -p1 -b .dos
 
 %build
 %ifarch s390 s390x
@@ -154,6 +156,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sysconfdir}/rc.d/init.d/rdisc
 
 %changelog
+* Thu Aug 05 2010 Jiri Skala <jskala at redhat.com> - 20071127-12
+- fixes #617613 - CVE-2010-2529 iputils: denial of service vulnerability in ping
+
 * Wed Jun 30 2010 Jiri Skala <jskala at redhat.com> - 20071127-11
 - fixes #583976 - ping6 does not support -F flowlabel option
 - fixes nvr upgrade issue

