From f5292e09782119bce70061c76e8fd25d65dcf5e8 Mon Sep 17 00:00:00 2001
From: Tomas Hozza
Date: Jul 29 2015 12:42:32 +0000
Subject: Include fix for CVE-2015-5477

Signed-off-by: Tomas Hozza
---

diff --git a/bind.spec b/bind.spec
index cdc5602..4d9d982 100644
--- a/bind.spec
+++ b/bind.spec
@@ -24,7 +24,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: ISC
 Version: 9.9.6
-Release: 9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release: 10%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -85,6 +85,7 @@ Patch137:bind-9.9-dist-native-pkcs11.patch
 Patch138:bind99-rh1184151.patch
 Patch139:bind99-CVE-2015-1349.patch
 Patch140:bind99-CVE-2015-4620.patch
+Patch141:bind99-CVE-2015-5477.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -325,6 +326,7 @@ popd
 %patch138 -p1 -b .nsupdate
 %patch139 -p1 -b .CVE-2015-1349
 %patch140 -p1 -b .CVE-2015-4620
+%patch141 -p1 -b .CVE-2015-5477
 
 %if %{PKCS11}
 cp -r bin/named{,-pkcs11}
@@ -1028,6 +1030,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Wed Jul 29 2015 Tomas Hozza - 32:9.9.6-10.P1
+- Include fix for CVE-2015-5477
+
 * Thu Jul 09 2015 Tomas Hozza - 32:9.9.6-9.P1
 - Include fix for CVE-2015-4620
 
diff --git a/bind99-CVE-2015-5477.patch b/bind99-CVE-2015-5477.patch
new file mode 100644
index 0000000..c3a6e29
--- /dev/null
+++ b/bind99-CVE-2015-5477.patch
@@ -0,0 +1,11 @@
+diff -up bind-9.9.4/lib/dns/tkey.c.CVE-2015-5477 bind-9.9.4/lib/dns/tkey.c
+--- bind-9.9.4/lib/dns/tkey.c.CVE-2015-5477 2015-07-27 22:36:02.318505839 +0200
++++ bind-9.9.4/lib/dns/tkey.c 2015-07-27 22:36:39.764698712 +0200
+@@ -650,6 +650,7 @@ dns_tkey_processquery(dns_message_t *msg
+ * Try the answer section, since that's where Win2000
+ * puts it.
+ */
++ name = NULL;
+ if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+ dns_rdatatype_tkey, 0, &name,
+ &tkeyset) != ISC_R_SUCCESS) {
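Review bot: The added `name = NULL;` ahead of the answer-section `dns_message_findname()` call has no comment saying why the reset is needed, so a later cleanup could remove it as a redundant assignment and reintroduce the CVE-2015-5477 condition. The visible lines show a retry that reuses `name` and `tkeyset` from an earlier lookup outside the hunk; presumably that lookup can fail while leaving `name` set, which the callee does not accept. I would put a comment above the assignment, for example `/* A failed lookup above may leave name set; findname needs it NULL. */`. `tkeyset` is passed to the same call and is not reset here, so it is worth confirming that it is still NULL on this path. The body of `dns_tkey_processquery` starts and ends outside the hunk, so this cannot be checked from the lines shown.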