[dhcp/f14/master] Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)

Jiří Popelka jpopelka at fedoraproject.org
Wed Apr 6 18:51:52 UTC 2011


commit 23e49497e147d544289b0ac2c845d9f46a601944
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Wed Apr 6 20:13:35 2011 +0200

    Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)

 dhcp-4.2.0-P2-CVE-2011-0997.patch |    2 +-
 dhcp.spec                         |    5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/dhcp-4.2.0-P2-CVE-2011-0997.patch b/dhcp-4.2.0-P2-CVE-2011-0997.patch
index f8ad4f1..36786b8 100644
--- a/dhcp-4.2.0-P2-CVE-2011-0997.patch
+++ b/dhcp-4.2.0-P2-CVE-2011-0997.patch
@@ -165,11 +165,11 @@ diff -up dhcp-4.2.0-P2/client/dhclient.c.CVE-2011-0997 dhcp-4.2.0-P2/client/dhcl
 +	if ((universe == NULL) || (universe == &dhcp_universe)) {
 +		switch(opt) {
 +		      case DHO_HOST_NAME:
-+		      case DHO_DOMAIN_NAME:
 +		      case DHO_NIS_DOMAIN:
 +		      case DHO_NETBIOS_SCOPE:
 +			return check_domain_name(ptr, len, 0);
 +			break;
++		      case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */
 +		      case DHO_DOMAIN_SEARCH:
 +			return check_domain_name_list(ptr, len, 0);
 +			break;
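Review bot: the comment on the added "case DHO_DOMAIN_NAME:" line misspells "compatibility" and does not say what a list is being accepted for compatibility with. Because this moves the domain-name option from check_domain_name() to check_domain_name_list() inside a CVE fix, the comment or the patch header should name the server behaviour that requires it. check_domain_name_list() is not visible in this hunk, so please confirm that it applies the same per-name checks as check_domain_name() to every element, so that the relaxation permits several names and nothing else. Minor style point: the "break;" after each "return" is unreachable and can be dropped.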
diff --git a/dhcp.spec b/dhcp.spec
index 154996c..667d752 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -12,7 +12,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.0
-Release:  20.%{patchver}%{?dist}
+Release:  21.%{patchver}%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -559,6 +559,9 @@ fi
 %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
 
 %changelog
+* Wed Apr 06 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-21.P2
+- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
+
 * Wed Apr 06 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-20.P2
 - CVE-2011-0997
   dhclient: insufficient sanitization of certain DHCP response values (#694005)
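Review bot: the new %changelog entry for 12:4.2.0-21.P2 only repeats the commit subject, so a reader of the package changelog cannot tell what "more lenient" means for a security fix. Suggest stating the actual change, for example that the domain-name option is now validated as a list of names in the same branch as DHO_DOMAIN_SEARCH rather than as a single name, and keeping the (#694005) reference.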

