[unbound/el5] * Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.4-3 - Applied patch for CVE-2011-1922 DoS
Paul Wouters
pwouters at fedoraproject.org
Wed May 25 19:26:55 UTC 2011
commit 495cacd2aaa8b002c4bec29a005d611f7fe28b52
Author: Paul Wouters <paul at xelerance.com>
Date: Wed May 25 15:28:29 2011 -0400
* Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.4-3
- Applied patch for CVE-2011-1922 DoS vulnerability
unbound-CVE-2011-1922.patch | 11 +++++++++++
unbound.spec | 7 ++++++-
2 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/unbound-CVE-2011-1922.patch b/unbound-CVE-2011-1922.patch
new file mode 100644
index 0000000..bdcacad
--- /dev/null
+++ b/unbound-CVE-2011-1922.patch
@@ -0,0 +1,11 @@
+diff -Naur unbound-1.4.9/daemon/worker.c unbound-1.4.9-CVE-2011-1922/daemon/worker.c
+--- unbound-1.4.9/daemon/worker.c 2010-11-04 08:35:39.000000000 -0400
++++ unbound-1.4.9-CVE-2011-1922/daemon/worker.c 2011-05-25 15:14:04.888288236 -0400
+@@ -777,6 +777,7 @@
+ qinfo.qtype == LDNS_RR_TYPE_IXFR) {
+ verbose(VERB_ALGO, "worker request: refused zone transfer.");
+ log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
++ ldns_buffer_rewind(c->buffer);
+ LDNS_QR_SET(ldns_buffer_begin(c->buffer));
+ LDNS_RCODE_SET(ldns_buffer_begin(c->buffer),
+ LDNS_RCODE_REFUSED);
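Review bot: The embedded patch header names unbound-1.4.9/daemon/worker.c, while unbound.spec builds Version 1.4.4, so the `@@ -777,6 +777,7 @@` offset and its context lines come from a different source tree than the one being patched. Confirm that it applies to the 1.4.4 worker.c in the "refused zone transfer" branch without fuzz, or regenerate the diff against 1.4.4 so it matches the other unbound-1.4.4-prefixed patches in the spec. The added `ldns_buffer_rewind(c->buffer);` also carries no comment; a one-line comment saying why the buffer position must be reset before the QR and RCODE bits are set would make later rebases easier.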
diff --git a/unbound.spec b/unbound.spec
index 0743dae..c440648 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -9,7 +9,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
Version: 1.4.4
-Release: 2%{?dist}
+Release: 3%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -31,6 +31,7 @@ Patch11: unbound-1.4.4-778d4a.patch
Patch12: unbound-1.4.4-5e989a.patch
Patch13: unbound-1.4.4-a6f07b.patch
Patch14: unbound-1.4.4-28093c.patch
+Patch15: unbound-CVE-2011-1922.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -116,6 +117,7 @@ Python modules and extensions for unbound
%patch14 -p1
%patch3 -p1
%patch5 -p1
+%patch15 -p1
%build
%configure --with-ldns= --with-libevent --with-pthreads --with-ssl \
@@ -220,6 +222,9 @@ fi
%postun libs -p /sbin/ldconfig
%changelog
+* Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.4-3
+- Applied patch for CVE-2011-1922 DoS vulnerability
+
* Tue Oct 26 2010 Paul Wouters <paul at xelerance.com> - 1.4.4-2
- Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines
(see comments in inbound.conf)
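Review bot: The new %changelog entry names CVE-2011-1922 but gives no bug tracker reference or pointer to the upstream fix, so the entry cannot be traced from the package alone. Add the tracking bug id or the upstream advisory reference to the `- Applied patch for CVE-2011-1922 DoS vulnerability` line.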