diff --git a/CVE-2020-8625.patch b/CVE-2020-8625.patch new file mode 100644 index 0000000000000000000000000000000000000000..454d17ef9d76564c09c2b0cf9d9a3a498c3feb74 --- /dev/null +++ b/CVE-2020-8625.patch @@ -0,0 +1,13 @@ +diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c +index dea108bad05..13cf15d7404 100644 +--- a/lib/dns/spnego.c ++++ b/lib/dns/spnego.c +@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) { + return (ASN1_OVERRUN); + } + +- data->components = malloc(len * sizeof(*data->components)); ++ data->components = malloc((len + 1) * sizeof(*data->components)); + if (data->components == NULL) { + return (ENOMEM); + } diff --git a/bind.spec b/bind.spec index ef493083682dea11647568d694f3ac5a98c07081..486ce096359d8237b0b9fccd9c1df3c205b3329a 100644 --- a/bind.spec +++ b/bind.spec @@ -21,7 +21,7 @@ Name: bind Summary: Domain Name System (DNS) Server (named) License: MPLv2.0 Version: 9.11.21 -Release: 4 +Release: 5 Epoch: 32 Url: http://www.isc.org/products/BIND/ Source0: https://ftp.isc.org/isc/bind9/9.11.21/bind-%{version}.tar.gz @@ -170,6 +170,7 @@ Patch191: CVE-2020-8622.patch Patch192: CVE-2020-8623.patch Patch193: CVE-2020-8624.patch Patch194: Fix_the_difference_at_the_macro_definition_using_clock_gettime_instead_of_gettimeofda.patch +Patch195: CVE-2020-8625.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch Patch12: bind-9.10-sdb.patch @@ -373,6 +374,7 @@ are used for building ISC DHCP. %patch192 -p1 %patch193 -p1 %patch194 -p1 +%patch195 -p1 mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data @@ -1186,7 +1188,13 @@ rm -rf ${RPM_BUILD_ROOT} %changelog -* Tue Jan 5 2020 hanzhijun - 9.11.21-4 +* Thu Feb 18 2021 liulong - 9.11.21-5 +- Type:CVE +- ID:NA +- SUG:NA +- DESC:fix CVE-2020-8625 + +* Tue Jan 5 2021 hanzhijun - 9.11.21-4 - Type:bugfix - ID:NA - SUG:NA