rpms/net-snmp/F-7 net-snmp-5.4.1-hmac-check.patch, NONE, 1.1 net-snmp-5.4.1-perl-snprintf.patch, NONE, 1.1 net-snmp.spec, 1.121, 1.122
Jan Šafránek (jsafrane)
fedora-extras-commits at redhat.com
Tue Jun 10 06:03:03 UTC 2008
- Previous message: rpms/kernel/devel patch-2.6.26-rc5-git3.bz2.sign, NONE, 1.1 .cvsignore, 1.830, 1.831 config-generic, 1.109, 1.110 kernel.spec, 1.679, 1.680 sources, 1.790, 1.791 upstream, 1.709, 1.710 patch-2.6.26-rc5-git2.bz2.sign, 1.1, NONE
- Next message: rpms/net-snmp/devel net-snmp-5.4.1-hmac-check.patch, NONE, 1.1 net-snmp-5.4.1-perl-snprintf.patch, NONE, 1.1 net-snmp.spec, 1.151, 1.152
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jsafrane
Update of /cvs/pkgs/rpms/net-snmp/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8951
Modified Files:
net-snmp.spec
Added Files:
net-snmp-5.4.1-hmac-check.patch
net-snmp-5.4.1-perl-snprintf.patch
Log Message:
fix various flaws (CVE-2008-2292 CVE-2008-0960)
net-snmp-5.4.1-hmac-check.patch:
--- NEW FILE net-snmp-5.4.1-hmac-check.patch ---
447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
Reviewed-by: Jan Safranek <jsafrane at redhat.com>
diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
--- net-snmp-5.0.9/snmplib/scapi.c.orig 2008-06-04 10:19:26.000000000 +0200
+++ net-snmp-5.0.9/snmplib/scapi.c 2008-06-04 10:20:45.000000000 +0200
@@ -460,6 +460,9 @@ sc_check_keyed_hash(const oid * authtype
QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
}
+ if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
+ QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
+ }
/*
* Generate a full hash of the message, then compare
net-snmp-5.4.1-perl-snprintf.patch:
--- NEW FILE net-snmp-5.4.1-perl-snprintf.patch ---
447262: CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&sortby=date&revision=16770
Reviewed-By: Jan Safranek <jsafrane at redhat.com>
--- branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/21 23:19:29 16769
+++ branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/22 19:22:44 16770
@@ -470,14 +470,16 @@
if (flag == USE_ENUMS) {
for(ep = tp->enums; ep; ep = ep->next) {
if (ep->value == *var->val.integer) {
- strcpy(buf, ep->label);
+ strncpy(buf, ep->label, buf_len);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
break;
}
}
}
if (!len) {
- sprintf(buf,"%ld", *var->val.integer);
+ snprintf(buf, buf_len, "%ld", *var->val.integer);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
}
break;
@@ -486,21 +488,25 @@
case ASN_COUNTER:
case ASN_TIMETICKS:
case ASN_UINTEGER:
- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
+ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
break;
case ASN_OCTET_STR:
case ASN_OPAQUE:
- memcpy(buf, (char*)var->val.string, var->val_len);
len = var->val_len;
+ if ( len > buf_len )
+ len = buf_len;
+ memcpy(buf, (char*)var->val.string, len);
break;
case ASN_IPADDRESS:
- ip = (u_char*)var->val.string;
- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
- len = strlen(buf);
- break;
+ ip = (u_char*)var->val.string;
+ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ break;
case ASN_NULL:
break;
@@ -512,14 +518,14 @@
break;
case SNMP_ENDOFMIBVIEW:
- sprintf(buf,"%s", "ENDOFMIBVIEW");
- break;
+ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
+ break;
case SNMP_NOSUCHOBJECT:
- sprintf(buf,"%s", "NOSUCHOBJECT");
- break;
+ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
+ break;
case SNMP_NOSUCHINSTANCE:
- sprintf(buf,"%s", "NOSUCHINSTANCE");
- break;
+ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
+ break;
case ASN_COUNTER64:
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
@@ -538,19 +544,19 @@
#endif
case ASN_BIT_STR:
- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
+ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
len = strlen(buf);
break;
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case ASN_OPAQUE_FLOAT:
- if (var->val.floatVal)
- sprintf(buf,"%f", *var->val.floatVal);
- break;
+ if (var->val.floatVal)
+ snprintf(buf, buf_len, "%f", *var->val.floatVal);
+ break;
case ASN_OPAQUE_DOUBLE:
- if (var->val.doubleVal)
- sprintf(buf,"%f", *var->val.doubleVal);
- break;
+ if (var->val.doubleVal)
+ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
+ break;
#endif
case ASN_NSAP:
Index: net-snmp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/net-snmp/F-7/net-snmp.spec,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -r1.121 -r1.122
--- net-snmp.spec 14 Feb 2008 11:55:05 -0000 1.121
+++ net-snmp.spec 10 Jun 2008 06:02:18 -0000 1.122
@@ -7,7 +7,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: %{major_ver}
-Release: 17%{?dist}
+Release: 18%{?dist}
Epoch: 1
License: BSD and CMU
@@ -46,6 +46,8 @@
Patch22: net-snmp-5.4-smux-password.patch
Patch23: net-snmp-5.4-udp-leak.patch
Patch24: net-snmp-5.4-maxreps.patch
+Patch25: net-snmp-5.4.1-hmac-check.patch
+Patch26: net-snmp-5.4.1-perl-snprintf.patch
Requires(pre): /sbin/chkconfig
Requires(post): /sbin/chkconfig
@@ -171,6 +173,8 @@
%patch22 -p0 -b .smux-password
%patch23 -p0 -b .udp-leak
%patch24 -p0 -b .maxreps
+%patch25 -p1 -b .hmac-check
+%patch26 -p3 -b .perl-snprintf
# Do this patch with a perl hack...
perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@@ -375,6 +379,9 @@
%{_libdir}/lib*.so.*
%changelog
+* Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4-18
+- fix various flaws (CVE-2008-2292 CVE-2008-0960)
+
* Thu Feb 14 2008 Jan Safranek <jsafranek at redhat.com> 5.4-17
- fixing ipNetToMediaNetAddress to show IP address (#432780)
- Previous message: rpms/kernel/devel patch-2.6.26-rc5-git3.bz2.sign, NONE, 1.1 .cvsignore, 1.830, 1.831 config-generic, 1.109, 1.110 kernel.spec, 1.679, 1.680 sources, 1.790, 1.791 upstream, 1.709, 1.710 patch-2.6.26-rc5-git2.bz2.sign, 1.1, NONE
- Next message: rpms/net-snmp/devel net-snmp-5.4.1-hmac-check.patch, NONE, 1.1 net-snmp-5.4.1-perl-snprintf.patch, NONE, 1.1 net-snmp.spec, 1.151, 1.152
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list