From aa1a18ae17509f67feccf03066c61f3266a44ece Mon Sep 17 00:00:00 2001 From: Max Rees Date: Sun, 4 Aug 2019 01:46:22 -0500 Subject: user/tcpdump: patch for CVE-2017-16808 (#149) --- user/tcpdump/APKBUILD | 6 +++++- user/tcpdump/CVE-2017-16808.patch | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 user/tcpdump/CVE-2017-16808.patch (limited to 'user/tcpdump') diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD index 7adeefa35..d273d4acc 100644 --- a/user/tcpdump/APKBUILD +++ b/user/tcpdump/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Dan Theisen pkgname=tcpdump pkgver=4.9.2 -pkgrel=1 +pkgrel=2 pkgdesc="A tool for network monitoring and data acquisition" url="http://www.tcpdump.org" arch="all" @@ -11,12 +11,15 @@ depends="" makedepends="libpcap-dev openssl-dev perl" subpackages="$pkgname-doc" source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz + CVE-2017-16808.patch CVE-2018-19519.patch " # secfixes: # 4.9.2-r1: # - CVE-2018-19519 +# 4.9.2-r2: +# - CVE-2017-16808 build () { cd "$builddir" @@ -42,4 +45,5 @@ package() { } sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz +d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4 CVE-2017-16808.patch eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch" diff --git a/user/tcpdump/CVE-2017-16808.patch b/user/tcpdump/CVE-2017-16808.patch new file mode 100644 index 000000000..6b41aad8c --- /dev/null +++ b/user/tcpdump/CVE-2017-16808.patch @@ -0,0 +1,26 @@ +From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001 +From: Denis Ovsienko +Date: Thu, 31 Aug 2017 21:15:37 +0100 +Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check. + +In aoev1_reserve_print() check bounds before trying to print an Ethernet +address. + +This fixes a buffer over-read discovered by Bhargava Shastry, +SecT/TU Berlin. +--- + print-aoe.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/print-aoe.c b/print-aoe.c +index 97e93df2e..2c78a55d3 100644 +--- a/print-aoe.c ++++ b/print-aoe.c +@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo, + goto invalid; + /* addresses */ + for (i = 0; i < nmacs; i++) { ++ ND_TCHECK2(*cp, ETHER_ADDR_LEN); + ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp))); + cp += ETHER_ADDR_LEN; + } -- cgit v1.2.3-60-g2f50