From aedf605415656124f2c750a7e3b92bc56a1ec5ed Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 28 2015 22:14:39 +0000 Subject: import bind-9.9.4-18.el7_1.3 --- diff --git a/SOURCES/bind99-CVE-2015-5477.patch b/SOURCES/bind99-CVE-2015-5477.patch new file mode 100644 index 0000000..c3a6e29 --- /dev/null +++ b/SOURCES/bind99-CVE-2015-5477.patch @@ -0,0 +1,11 @@ +diff -up bind-9.9.4/lib/dns/tkey.c.CVE-2015-5477 bind-9.9.4/lib/dns/tkey.c +--- bind-9.9.4/lib/dns/tkey.c.CVE-2015-5477 2015-07-27 22:36:02.318505839 +0200 ++++ bind-9.9.4/lib/dns/tkey.c 2015-07-27 22:36:39.764698712 +0200 +@@ -650,6 +650,7 @@ dns_tkey_processquery(dns_message_t *msg + * Try the answer section, since that's where Win2000 + * puts it. + */ ++ name = NULL; + if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname, + dns_rdatatype_tkey, 0, &name, + &tkeyset) != ISC_R_SUCCESS) { diff --git a/SPECS/bind.spec b/SPECS/bind.spec index afe9d08..8f28afe 100644 --- a/SPECS/bind.spec +++ b/SPECS/bind.spec @@ -29,7 +29,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.4 -Release: 18%{?PATCHVER}%{?PREVER}%{?dist}.2 +Release: 18%{?PATCHVER}%{?PREVER}%{?dist}.3 Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -99,6 +99,7 @@ Patch146:bind99-rh1098959.patch Patch147:bind99-CVE-2014-8500.patch Patch148:bind99-CVE-2015-1349.patch Patch149:bind99-CVE-2015-4620.patch +Patch150:bind99-CVE-2015-5477.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -327,6 +328,7 @@ popd %patch147 -p1 -b .CVE-2014-8500 %patch148 -p1 -b .CVE-2015-1349 %patch149 -p1 -b .CVE-2015-4620 +%patch150 -p1 -b .CVE-2015-5477 %if %{SDB} %patch101 -p1 -b .old-api @@ -946,6 +948,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Mon Jul 27 2015 Florian Weimer - 32:9.9.4-18.3 +- Fix CVE-2015-5477 + * Wed Jul 08 2015 Tomas Hozza - 32:9.9.4-18.2 - Fix CVE-2015-4620