[squid/f20] Fixed: #1139968 - CVE-2014-6270 buffer overflow in SNMP

mluscon mluscon at fedoraproject.org
Fri Sep 12 10:35:10 UTC 2014 

commit c6860280dbb2dd58c4705bed694da87bde1feb73
Author: Michal Luscon <mluscon at redhat.com>
Date:   Thu Sep 11 10:31:51 2014 +0200

    Fixed: #1139968 - CVE-2014-6270 buffer overflow in SNMP

 squid-SNMP.patch |   17 +++++++++++++++++
 squid.spec       |    8 ++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/squid-SNMP.patch b/squid-SNMP.patch
new file mode 100644
index 0000000..7b7f85c
--- /dev/null
+++ b/squid-SNMP.patch
@@ -0,0 +1,17 @@
+--- squid/src/snmp_core.cc 2014-06-25 16:41:39.000000000 +0200
++++ squid/src/snmp_core.cc 2014-09-09 11:52:13.237394779 +0200
+@@ -375,12 +375,11 @@
+ 
+     len = comm_udp_recvfrom(sock,
+                             buf,
+-                            SNMP_REQUEST_SIZE,
++                            SNMP_REQUEST_SIZE - 1,
+                             0,
+                             from);
+ 
+     if (len > 0) {
+-        buf[len] = '\0';
+         debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << ".");
+ 
+         snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest));
+ 
diff --git a/squid.spec b/squid.spec
index 9e197b8..4e466d9 100644
--- a/squid.spec
+++ b/squid.spec
@@ -4,7 +4,7 @@
 
 Name:     squid
 Version:  3.3.13
-Release:  1%{?dist}
+Release:  2%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -39,6 +39,7 @@ Patch204: squid-3.2.0.9-fpic.patch
 Patch205: squid-3.1.9-ltdl.patch
 Patch206: squid-3.3.4-empty-pod2man.patch
 Patch207: active-ftp.patch
+Patch208: squid-SNMP.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@@ -103,7 +104,6 @@ The squid-sysvinit contains SysV initscritps support.
 # Upstream patches
 
 # Backported patches
-#patch101 -p1 -b .mem_node
 
 # Local patches
 %patch201 -p1 -b .config
@@ -113,6 +113,7 @@ The squid-sysvinit contains SysV initscritps support.
 %patch205 -p1 -b .ltdl
 %patch206 -p1 -b .empty-pod2man
 %patch207 -p1 -b .active-ftp
+%patch208 -p1 -b .SNMP
 
 %build
 %ifarch sparcv9 sparc64 s390 s390x
@@ -317,6 +318,9 @@ fi
         /sbin/chkconfig --add squid >/dev/null 2>&1 || :
 
 %changelog
+* Thu Sep 11 2014 Michal Luscon <mluscon at redhat.com> - 7:3.3.13-2
+- Fixed: CVE-2014-6270
+
 * Thu Aug 28 2014 Michal Luscon <mluscon at redhat.com> - 7:3.3.13-1
 - Update to upstream version 3.3.13
 - Fixed: CVE-2014-3609

More information about the scm-commits mailing list