diff --git a/dhcp-CVE-2016-2774.patch b/dhcp-CVE-2016-2774.patch
new file mode 100644
index 0000000..c9e4bbe
--- /dev/null
+++ b/dhcp-CVE-2016-2774.patch
@@ -0,0 +1,33 @@
+diff -up dhcp-4.3.2/includes/site.h.CVE-2016-2774 dhcp-4.3.2/includes/site.h
+--- dhcp-4.3.2/includes/site.h.CVE-2016-2774 2016-05-02 15:46:39.603504261 +0200
++++ dhcp-4.3.2/includes/site.h 2016-05-02 15:47:02.296484178 +0200
+@@ -289,6 +289,12 @@
+ this option will be removed at some time. */
+ /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */
+
++/* Limit the value of a file descriptor the serve will use
++ when accepting a connecting request. This can be used to
++ limit the number of TCP connections that the server will
++ allow at one time. A value of 0 means there is no limit.*/
++#define MAX_FD_VALUE 200
++
+ /* Include definitions for various options. In general these
+ should be left as is, but if you have already defined one
+ of these and prefer your definition you can comment the
+diff -up dhcp-4.3.2/omapip/listener.c.CVE-2016-2774 dhcp-4.3.2/omapip/listener.c
+--- dhcp-4.3.2/omapip/listener.c.CVE-2016-2774 2015-02-26 20:35:43.000000000 +0100
++++ dhcp-4.3.2/omapip/listener.c 2016-05-02 15:46:39.603504261 +0200
+@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_
+ return ISC_R_NORESOURCES;
+ return ISC_R_UNEXPECTED;
+ }
+-
++
++ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
++ close(socket);
++ return (ISC_R_NORESOURCES);
++ }
++
+ #if defined (TRACING)
+ /* If we're recording a trace, remember the connection. */
+ if (trace_record ()) {
diff --git a/dhcp.spec b/dhcp.spec
index 055505e..6ad3623 100644
--- a/dhcp.spec
+++ b/dhcp.spec
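Review bot: The new guard in omapi_accept() (listener.c section of the added patch) closes the socket and returns ISC_R_NORESOURCES without logging anything, so an operator gets no signal that the MAX_FD_VALUE ceiling is being reached, whether through ordinary load or a connection-exhaustion attempt against the listener. A rate-limited message before the `close(socket);`, for example `log_error ("omapi_accept: fd %d exceeds MAX_FD_VALUE, connection refused", socket);` (assuming log_error is in scope in this file), would make the condition visible. The check also bounds the descriptor's numeric value rather than a count of accepted connections, so every other descriptor the process holds counts against the 200, and a peer can still occupy whatever slots remain below the ceiling. The site.h comment should state that, and that access to the listening ports still needs to be restricted at the network level; it also has a typo, `the serve` for `the server`. omapi_accept's body starts and ends outside the hunk, so the accept() call and the later connection setup were not reviewed.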
@@ -18,7 +18,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.3.3 -Release: 8.%{patchver}%{?dist} +Release: 9.%{patchver}%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -75,6 +75,7 @@ Patch35: dhcp-VLAN-ID.patch Patch36: dhcp-option97-pxe-client-id.patch Patch37: dhcp-stateless-DUID-LLT.patch Patch38: dhcp-dhclient-preinit6s.patch +Patch40: dhcp-CVE-2016-2774.patch BuildRequires: autoconf BuildRequires: automake @@ -341,6 +342,9 @@ rm bind/bind.tar.gz # dhclient: make sure link-local address is ready in stateless mode (#1263466) %patch38 -p1 -b .preinit6s +# CVE-2016-2774 (#1315614) +%patch40 -p1 -b .CVE-2016-2774 + # DHCLIENT_DEFAULT_PREFIX_LEN 64 -> 128 # https://bugzilla.gnome.org/show_bug.cgi?id=656610 sed -i -e 's|DHCLIENT_DEFAULT_PREFIX_LEN 64|DHCLIENT_DEFAULT_PREFIX_LEN 128|g' includes/site.h @@ -664,6 +668,9 @@ done %doc doc/html/ %changelog +* Mon May 02 2016 Jiri Popelka - 12:4.3.3-9.P1 +- CVE-2016-2774 (#1315614) + * Wed Jan 13 2016 Jiri Popelka - 12:4.3.3-8.P1 - 4.3.3-P1 - fix for CVE-2015-8605 (#1298077)