[unbound/el5] * Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.4-3 - Applied patch for CVE-2011-1922 DoS

Paul Wouters pwouters at fedoraproject.org
Wed May 25 19:26:55 UTC 2011


commit 495cacd2aaa8b002c4bec29a005d611f7fe28b52
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 25 15:28:29 2011 -0400

    * Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.4-3
    - Applied patch for CVE-2011-1922 DoS vulnerability

 unbound-CVE-2011-1922.patch |   11 +++++++++++
 unbound.spec                |    7 ++++++-
 2 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/unbound-CVE-2011-1922.patch b/unbound-CVE-2011-1922.patch
new file mode 100644
index 0000000..bdcacad
--- /dev/null
+++ b/unbound-CVE-2011-1922.patch
@@ -0,0 +1,11 @@
+diff -Naur unbound-1.4.9/daemon/worker.c unbound-1.4.9-CVE-2011-1922/daemon/worker.c
+--- unbound-1.4.9/daemon/worker.c	2010-11-04 08:35:39.000000000 -0400
++++ unbound-1.4.9-CVE-2011-1922/daemon/worker.c	2011-05-25 15:14:04.888288236 -0400
+@@ -777,6 +777,7 @@
+ 		qinfo.qtype == LDNS_RR_TYPE_IXFR) {
+ 		verbose(VERB_ALGO, "worker request: refused zone transfer.");
+ 		log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
++		ldns_buffer_rewind(c->buffer);
+ 		LDNS_QR_SET(ldns_buffer_begin(c->buffer));
+ 		LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), 
+ 			LDNS_RCODE_REFUSED);
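Review bot: The embedded patch is generated against a 1.4.9 tree (its headers read unbound-1.4.9/daemon/worker.c) while this package builds Version: 1.4.4, so the @@ -777,6 +777,7 @@ hunk should be confirmed to apply to the 1.4.4 daemon/worker.c without offset or fuzz, or be regenerated against 1.4.4. The added ldns_buffer_rewind(c->buffer) line also carries no comment saying why the buffer has to be rewound before the QR and RCODE bits are set in the refused zone transfer path; a one-line comment there would help later rebases.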
diff --git a/unbound.spec b/unbound.spec
index 0743dae..c440648 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -9,7 +9,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.4.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -31,6 +31,7 @@ Patch11: unbound-1.4.4-778d4a.patch
 Patch12: unbound-1.4.4-5e989a.patch
 Patch13: unbound-1.4.4-a6f07b.patch
 Patch14: unbound-1.4.4-28093c.patch
+Patch15: unbound-CVE-2011-1922.patch
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
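Review bot: Patch15 is named unbound-CVE-2011-1922.patch, which drops the unbound-1.4.4-<id>.patch pattern that Patch11 through Patch14 follow in the context lines. Consider unbound-1.4.4-CVE-2011-1922.patch so the base version stays visible, and a comment line above Patch15 stating where the fix came from.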
@@ -116,6 +117,7 @@ Python modules and extensions for unbound
 %patch14 -p1
 %patch3 -p1
 %patch5 -p1
+%patch15 -p1
 
 %build
 %configure  --with-ldns= --with-libevent --with-pthreads --with-ssl \
@@ -220,6 +222,9 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.4-3
+- Applied patch for CVE-2011-1922 DoS vulnerability
+
 * Tue Oct 26 2010 Paul Wouters <paul at xelerance.com> - 1.4.4-2
 - Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines
   (see comments in inbound.conf)
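Review bot: The new %changelog entry names the CVE but not the code path or a tracking bug. Consider saying that the fix is in the refused zone transfer handling in daemon/worker.c and adding the bug reference, so the entry can be matched to the patch without opening it.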

