diff options
author | Armin Kuster <akuster@mvista.com> | 2015-10-26 16:31:22 -0700 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-02-08 14:13:39 +0100 |
commit | 5b2e937448371626cf71b761e3bfb06ffb60a7ee (patch) | |
tree | 93dded2f09e03ac611c9d9f333c0562ec75ac62a /meta-networking/recipes-daemons/squid/files/CVE-2014-6270.patch | |
parent | e8a8e0be8e39dbb949bf0f0df90abe1c4e3f6470 (diff) | |
download | ast2050-yocto-openembedded-5b2e937448371626cf71b761e3bfb06ffb60a7ee.zip ast2050-yocto-openembedded-5b2e937448371626cf71b761e3bfb06ffb60a7ee.tar.gz |
squid: serveral missing security fixes
SQUID-2015:2 - Does not affect Squid-3.4 and older versions are not vulnerable.
CVE-2015-5400
CVE-2015-3455
CVE-2014-7142
CVE-2014-7141
CVE-2014-6270
see http://www.squid-cache.org/Advisories/
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-daemons/squid/files/CVE-2014-6270.patch')
-rw-r--r-- | meta-networking/recipes-daemons/squid/files/CVE-2014-6270.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2014-6270.patch b/meta-networking/recipes-daemons/squid/files/CVE-2014-6270.patch new file mode 100644 index 0000000..8f87634 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2014-6270.patch @@ -0,0 +1,61 @@ +Fix: CVE-2014-3609 + +revno: 13172 +revision-id: squid3@treenet.co.nz-20140915045834-qo85nnsinp9wu4gt +parent: squid3@treenet.co.nz-20140827142207-n6y0r0iuv4sq6hvg +author: Sebastian Krahmer <krahmer@suse.com> +committer: Amos Jeffries <squid3@treenet.co.nz> +branch nick: 3.4 +timestamp: Sun 2014-09-14 22:58:34 -0600 +message: + Fix off by one in SNMP subsystem +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20140915045834-qo85nnsinp9wu4gt +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: 72ffc18d9c25a0412efc813dc5cde1c63e8ebe46 +# timestamp: 2014-09-15 11:08:17 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20140827142207-\ +# n6y0r0iuv4sq6hvg +# +# Begin patch + +Upstream-Status: Backport + +http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13172.patch + +Signed-of-by: Armin Kuster <akuster@mvista.com> + +=== modified file 'src/snmp_core.cc' +--- a/src/snmp_core.cc 2014-02-18 08:46:49 +0000 ++++ b/src/snmp_core.cc 2014-09-15 04:58:34 +0000 +@@ -362,7 +362,7 @@ + void + snmpHandleUdp(int sock, void *not_used) + { +- LOCAL_ARRAY(char, buf, SNMP_REQUEST_SIZE); ++ static char buf[SNMP_REQUEST_SIZE]; + Ip::Address from; + SnmpRequest *snmp_rq; + int len; +@@ -371,16 +371,11 @@ + + Comm::SetSelect(sock, COMM_SELECT_READ, snmpHandleUdp, NULL, 0); + +- memset(buf, '\0', SNMP_REQUEST_SIZE); ++ memset(buf, '\0', sizeof(buf)); + +- len = comm_udp_recvfrom(sock, +- buf, +- SNMP_REQUEST_SIZE, +- 0, +- from); ++ len = comm_udp_recvfrom(sock, buf, sizeof(buf)-1, 0, from); + + if (len > 0) { +- buf[len] = '\0'; + debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << "."); + + snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest)); + |