[mod_security/el5] Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615).

Athmane Madjoudj athmane at fedoraproject.org
Tue May 28 15:29:36 UTC 2013 

commit fcffe49bdbe905c0af5bef4c76959dc68e9cb3fc
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date:   Tue May 28 16:28:51 2013 +0100

    Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615).

 mod_security-2.6.8_fix_cve-2013-2765.patch |   11 +++++++++++
 mod_security.spec                          |    6 +++++-
 2 files changed, 16 insertions(+), 1 deletions(-)
---
diff --git a/mod_security-2.6.8_fix_cve-2013-2765.patch b/mod_security-2.6.8_fix_cve-2013-2765.patch
new file mode 100644
index 0000000..ad9f9ff
--- /dev/null
+++ b/mod_security-2.6.8_fix_cve-2013-2765.patch
@@ -0,0 +1,11 @@
+diff -ru modsecurity-apache_2.6.8.orig/apache2/msc_reqbody.c modsecurity-apache_2.6.8/apache2/msc_reqbody.c
+--- modsecurity-apache_2.6.8.orig/apache2/msc_reqbody.c	2012-09-25 14:05:00.000000000 +0100
++++ modsecurity-apache_2.6.8/apache2/msc_reqbody.c	2013-05-28 15:18:49.000000000 +0100
+@@ -170,6 +170,7 @@
+ 
+     /* Would storing this chunk mean going over the limit? */
+     if ((msr->msc_reqbody_spilltodisk)
++        && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
+         && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
+     {
+         msc_data_chunk **chunks;
diff --git a/mod_security.spec b/mod_security.spec
index 8405c35..23db4ee 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -8,7 +8,7 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 2.6.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
@@ -16,6 +16,7 @@ Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
 Source1: mod_security.conf
 Patch0: mod_security-fix-cve-2012-4528.patch
 Patch1: mod_security-2.6.8-rhbz947842.patch
+Patch2: mod_security-2.6.8_fix_cve-2013-2765.patch
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -37,6 +38,7 @@ This package contains the ModSecurity Audit Log Collector.
 %setup -q -n modsecurity-apache_%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure --enable-pcre-match-limit=1000000 \
@@ -104,6 +106,8 @@ rm -rf %{buildroot}
 %attr(0755,root,root) %{_bindir}/mlogc-batch-load
 
 %changelog
+* Tue May 28 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.6.8-4
+- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
 
 * Wed Apr  3 2013 Athmane Madjoudj <athmane at fedoraproject.org> 2.6.8-3
 - Backport security patch from 2.7.3 (RHBZ #947842)

More information about the scm-commits mailing list