[squid/f20] Fixed: #1139968 - CVE-2014-6270 buffer overflow in SNMP
mluscon
mluscon at fedoraproject.org
Fri Sep 12 10:35:10 UTC 2014
commit c6860280dbb2dd58c4705bed694da87bde1feb73
Author: Michal Luscon <mluscon at redhat.com>
Date: Thu Sep 11 10:31:51 2014 +0200
Fixed: #1139968 - CVE-2014-6270 buffer overflow in SNMP
squid-SNMP.patch | 17 +++++++++++++++++
squid.spec | 8 ++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/squid-SNMP.patch b/squid-SNMP.patch
new file mode 100644
index 0000000..7b7f85c
--- /dev/null
+++ b/squid-SNMP.patch
@@ -0,0 +1,17 @@
+--- squid/src/snmp_core.cc 2014-06-25 16:41:39.000000000 +0200
++++ squid/src/snmp_core.cc 2014-09-09 11:52:13.237394779 +0200
+@@ -375,12 +375,11 @@
+
+ len = comm_udp_recvfrom(sock,
+ buf,
+- SNMP_REQUEST_SIZE,
++ SNMP_REQUEST_SIZE - 1,
+ 0,
+ from);
+
+ if (len > 0) {
+- buf[len] = '\0';
+ debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << ".");
+
+ snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest));
+
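Review bot: The receive bound in the snmp_core.cc hunk is still written in terms of the macro (`SNMP_REQUEST_SIZE - 1`) rather than the buffer itself, and the declaration of `buf` is outside the hunk, so the fix only holds while the two stay in sync. If `buf` is an array declared in this function, `sizeof(buf) - 1,` would tie the limit to the actual storage. With `buf[len] = '\0';` removed, the data is no longer terminated, so a short comment such as `// buf holds len bytes of binary SNMP data and is not NUL-terminated` above the `if (len > 0)` block would warn later maintainers against passing it to string functions. A datagram longer than the limit is presumably truncated without notice by the receive call and handed to the decoder as if complete, so the decoder has to bound every read by `len`; that code is not visible here.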
diff --git a/squid.spec b/squid.spec
index 9e197b8..4e466d9 100644
--- a/squid.spec
+++ b/squid.spec
@@ -4,7 +4,7 @@
Name: squid
Version: 3.3.13
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The Squid proxy caching server
Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code
@@ -39,6 +39,7 @@ Patch204: squid-3.2.0.9-fpic.patch
Patch205: squid-3.1.9-ltdl.patch
Patch206: squid-3.3.4-empty-pod2man.patch
Patch207: active-ftp.patch
+Patch208: squid-SNMP.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash >= 2.0
@@ -103,7 +104,6 @@ The squid-sysvinit contains SysV initscritps support.
# Upstream patches
# Backported patches
-#patch101 -p1 -b .mem_node
# Local patches
%patch201 -p1 -b .config
@@ -113,6 +113,7 @@ The squid-sysvinit contains SysV initscritps support.
%patch205 -p1 -b .ltdl
%patch206 -p1 -b .empty-pod2man
%patch207 -p1 -b .active-ftp
+%patch208 -p1 -b .SNMP
%build
%ifarch sparcv9 sparc64 s390 s390x
@@ -317,6 +318,9 @@ fi
/sbin/chkconfig --add squid >/dev/null 2>&1 || :
%changelog
+* Thu Sep 11 2014 Michal Luscon <mluscon at redhat.com> - 7:3.3.13-2
+- Fixed: CVE-2014-6270
+
* Thu Aug 28 2014 Michal Luscon <mluscon at redhat.com> - 7:3.3.13-1
- Update to upstream version 3.3.13
- Fixed: CVE-2014-3609