Bug#866333: jessie-pu: package c-ares/1.10.0-2+deb8u1

Wed, 28 Jun 2017 14:30:29 -0700 

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hello,

recently a buffer overlow in c-ares has been fixed and the Security Team
asked me to prepare an upload to jessie (see #865360).

Attached you'll find the debdiff.

Thanks,
Gregor

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru c-ares-1.10.0/debian/changelog c-ares-1.10.0/debian/changelog
--- c-ares-1.10.0/debian/changelog      2016-09-29 20:30:48.000000000 +0200
+++ c-ares-1.10.0/debian/changelog      2017-06-26 22:03:42.000000000 +0200
@@ -1,3 +1,9 @@
+c-ares (1.10.0-2+deb8u2) jessie; urgency=medium
+
+  * Add patch for CVE-2017-1000381 (Closes: #865360)
+
+ -- Gregor Jasny <gja...@googlemail.com>  Mon, 26 Jun 2017 22:03:42 +0200
+
 c-ares (1.10.0-2+deb8u1) jessie-security; urgency=high
 
   * Apply patch for CVE-2016-5180 (Closes: #839151)
diff -Nru c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff 
c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff
--- c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff  1970-01-01 
01:00:00.000000000 +0100
+++ c-ares-1.10.0/debian/patches/CVE-2017-1000381.diff  2017-06-26 
22:03:42.000000000 +0200
@@ -0,0 +1,30 @@
+Origin: upstream, e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116
+From: David Drysdale <drysd...@google.com>
+Date: Mon, 22 May 2017 10:54:10 +0100
+Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data
+Bug-Debian: http://bugs.debian.org/865360
+
+Check that there is enough data for the required elements
+of an NAPTR record (2 int16, 3 bytes for string lengths)
+before processing a record.
+
+--- a/ares_parse_naptr_reply.c
++++ b/ares_parse_naptr_reply.c
+@@ -110,6 +110,12 @@
+           status = ARES_EBADRESP;
+           break;
+         }
++      /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
++      if (rr_len < 7)
++        {
++          status = ARES_EBADRESP;
++          break;
++        }
+ 
+       /* Check if we are really looking at a NAPTR record */
+       if (rr_class == C_IN && rr_type == T_NAPTR)
+@@ -185,4 +191,3 @@
+ 
+   return ARES_SUCCESS;
+ }
+-
diff -Nru c-ares-1.10.0/debian/patches/series 
c-ares-1.10.0/debian/patches/series
--- c-ares-1.10.0/debian/patches/series 2016-09-29 20:28:42.000000000 +0200
+++ c-ares-1.10.0/debian/patches/series 2017-06-26 22:03:42.000000000 +0200
@@ -1,2 +1,3 @@
 disable-cflags-rewrite.diff
 CVE-2016-5180.diff
+CVE-2017-1000381.diff

Reply via email to