[exim/el6] Backported fix for CVE-2012-5671
Jaroslav Škarvada
jskarvad at fedoraproject.org
Fri Oct 26 09:15:42 UTC 2012
commit 4367a40e334c3361cc4a6cca5a64e8008a7ce33f
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Fri Oct 26 11:15:38 2012 +0200
Backported fix for CVE-2012-5671
Resolves: CVE-2012-5671
exim-4.72-CVE-2012-5671.patch | 25 +++++++++++++++++++++++++
exim.spec | 10 ++++++++--
2 files changed, 33 insertions(+), 2 deletions(-)
---
diff --git a/exim-4.72-CVE-2012-5671.patch b/exim-4.72-CVE-2012-5671.patch
new file mode 100644
index 0000000..9687101
--- /dev/null
+++ b/exim-4.72-CVE-2012-5671.patch
@@ -0,0 +1,25 @@
+--- a/src/dkim.c
++++ a/src/dkim.c
+@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
+ "%.*s", (int)len, (char *)((rr->data)+rr_offset));
+ rr_offset+=len;
+ answer_offset+=len;
++ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
++ return PDKIM_FAIL;
++ }
+ }
+ }
+ else return PDKIM_FAIL;
+--- a/src/pdkim/pdkim.h
++++ a/src/pdkim/pdkim.h
+@@ -27,8 +27,8 @@
+
+ /* -------------------------------------------------------------------------- */
+ /* Length of the preallocated buffer for the "answer" from the dns/txt
+- callback function. */
+-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
++ callback function. This should match the maximum RDLENGTH from DNS. */
++#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
+
+ /* -------------------------------------------------------------------------- */
+ /* Function success / error codes */
diff --git a/exim.spec b/exim.spec
index 8f492a5..1d2f60e 100644
--- a/exim.spec
+++ b/exim.spec
@@ -12,7 +12,7 @@
Summary: The exim mail transfer agent
Name: exim
Version: 4.72
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Url: http://www.exim.org/
Group: System Environment/Daemons
@@ -61,7 +61,7 @@ Patch36: exim-4.72-0006-CVE-2010-4345.patch
Patch37: exim-4.72-0007-CVE-2010-4345.patch
Patch38: exim-4.72-0008-CVE-2010-4345.patch
Patch39: exim-4.72-0009-CVE-2010-4345.patch
-
+Patch40: exim-4.72-CVE-2012-5671.patch
Requires: /etc/pki/tls/certs /etc/pki/tls/private
Requires: /etc/aliases
@@ -203,6 +203,8 @@ greylisting unconditional.
%patch38 -p2 -b .0008
%patch39 -p2 -b .0009
+%patch40 -p1 -b .CVE-2012-5671
+
cp src/EDITME Local/Makefile
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
sed -i 's@^# AUTH_LIBS=-lsasl2 at AUTH_LIBS=-lsasl2@' Local/Makefile
@@ -521,6 +523,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null || :
%{_sysconfdir}/cron.daily/greylist-tidy.sh
%changelog
+* Thu Oct 25 2012 Jaroslav Škarvada <jskarvad at redhat.com> - 4.72-3
+- Backported fix for CVE-2012-5671
+ Resolves: CVE-2012-5671
+
* Wed May 18 2011 Mark Chappell <tremble at tremble.org.uk> 4.72-2
- Backport various security fixes
- (CVE-2011-1407 CVE-2011-0017 CVE-2010-4345)
More information about the scm-commits
mailing list