[chkrootkit] Fix for CVE-2014-0476.

Jon Ciesla limb at fedoraproject.org
Wed Jun 4 10:30:17 UTC 2014 

commit e89a5cea925a4c81fd60feac0aa60df8d45ee224
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Wed Jun 4 05:26:23 2014 -0500

    Fix for CVE-2014-0476.

 chkrootkit-0.49-CVE-2014-0476.patch |   16 ++++++++++++++++
 chkrootkit.spec                     |    7 ++++++-
 2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/chkrootkit-0.49-CVE-2014-0476.patch b/chkrootkit-0.49-CVE-2014-0476.patch
new file mode 100644
index 0000000..b649cde
--- /dev/null
+++ b/chkrootkit-0.49-CVE-2014-0476.patch
@@ -0,0 +1,16 @@
+--- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch
++++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch
+@@ -0,0 +1,13 @@
++Index: chkrootkit/chkrootkit
++===================================================================
++--- chkrootkit.orig/chkrootkit
+++++ chkrootkit/chkrootkit
++@@ -117,7 +117,7 @@ slapper (){
++    fi
++    for i in ${SLAPPER_FILES}; do
++       if [ -f ${i} ]; then
++-       file_port=$file_port $i
+++       file_port="$file_port $i"
++          STATUS=1
++       fi
++    done
diff --git a/chkrootkit.spec b/chkrootkit.spec
index 94adf24..88ea58b 100644
--- a/chkrootkit.spec
+++ b/chkrootkit.spec
@@ -1,7 +1,7 @@
 %define _hardened_build 1
 Name:           chkrootkit
 Version:        0.49
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Tool to locally check for signs of a rootkit
 Group:          Applications/System
 License:        BSD and GPLv2+ and Python
@@ -22,6 +22,7 @@ Patch6:         chkrootkit-0.47-chklastlog.patch
 Patch8:         chkrootkit-0.49-nophpcheck.patch
 Patch9:         chkrootkit-0.49-chkproc-psver.patch
 Patch10:	chkrootkit-0.49-chkutmp-outofbounds.patch
+Patch11:	chkrootkit-0.49-CVE-2014-0476.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  desktop-file-utils
@@ -59,6 +60,7 @@ It contains:
 %patch8 -p0 -b .nophpcheck
 %patch9 -p0 -b .chkproc-psver
 %patch10 -p1
+%patch11 -p1
 sed -i -e 's!\s\+ at strip.*!!g' Makefile
 
 
@@ -126,6 +128,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Wed Jun 04 2014 Jon Ciesla <limburgher at gmail.com> - 0.49-9
+- Patch for CVE-2014-0476, BZ 1104456, 11044567.
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.49-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

More information about the scm-commits mailing list