[nginx/f20] Fix CVE-2014-3616 virtual host confusion
Jamie Nguyen
jamielinux at fedoraproject.org
Mon Sep 22 08:28:21 UTC 2014
commit 812ed44cf41c36170090faf7dcb28300949141d9
Author: Jamie Nguyen <j at jamielinux.com>
Date: Mon Sep 22 09:27:56 2014 +0100
Fix CVE-2014-3616 virtual host confusion
nginx-1.4.7-fix-CVE-2014-3616.patch | 23 +++++++++++++++++++++++
nginx.spec | 9 ++++++++-
2 files changed, 31 insertions(+), 1 deletions(-)
---
diff --git a/nginx-1.4.7-fix-CVE-2014-3616.patch b/nginx-1.4.7-fix-CVE-2014-3616.patch
new file mode 100644
index 0000000..6395395
--- /dev/null
+++ b/nginx-1.4.7-fix-CVE-2014-3616.patch
@@ -0,0 +1,23 @@
+Subject: fix CVE-2014-3616, Reuse cached SSL sessions in unrelated contexts
+Origin: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -1498,14 +1498,16 @@ ngx_int_t
+ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
+ ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
+ {
+- long cache_mode;
++ long cache_mode;
++ u_char buf[16];
+
+ if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
+ SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
+ return NGX_OK;
+ }
+
+- SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
++ RAND_pseudo_bytes(buf, 16);
++ SSL_CTX_set_session_id_context(ssl->ctx, buf, 16);
+
+ if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
+
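Review bot: The return value of `RAND_pseudo_bytes(buf, 16)` in the embedded `ngx_ssl_session_cache()` hunk is ignored, so if the call fails, `buf` may still hold uninitialised stack data when it is passed to `SSL_CTX_set_session_id_context()`. In that case separate server contexts could end up with the same or a predictable context value, which is the condition the fix is meant to rule out. I would check the result and avoid repeating the literal length: `if (RAND_bytes(buf, sizeof(buf)) != 1) { return NGX_ERROR; }` followed by `SSL_CTX_set_session_id_context(ssl->ctx, buf, sizeof(buf));`. Because the context is now random on every call, sessions cached before a configuration reload presumably can no longer be resumed, and `sess_ctx` is unused in the visible lines; a short comment saying this is intended would help. The function body continues outside the hunk, so later uses of `sess_ctx` cannot be ruled out from here.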
diff --git a/nginx.spec b/nginx.spec
index 3c20ef3..9692969 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -16,7 +16,7 @@
Name: nginx
Epoch: 1
Version: 1.4.7
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A high performance web server and reverse proxy server
Group: System Environment/Daemons
@@ -44,6 +44,9 @@ Source104: 50x.html
# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
Patch0: nginx-auto-cc-gcc.patch
+# CVE-2014-3616 virtual host confusion
+Patch1: %{name}-1.4.7-fix-CVE-2014-3616.patch
+
BuildRequires: GeoIP-devel
BuildRequires: gd-devel
%if 0%{?with_gperftools}
@@ -83,6 +86,7 @@ memory usage.
%prep
%setup -q
%patch0 -p0
+%patch1 -p1
%build
@@ -268,6 +272,9 @@ fi
%changelog
+* Mon Sep 22 2014 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.4.7-2
+- patch for CVE-2014-3616 virtual host confusion (#1142573, #1142575)
+
* Tue Mar 18 2014 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.4.7-1
- update to upstream release 1.4.7