diff --git a/SOURCES/bind-9.16-CVE-2022-38177.patch b/SOURCES/bind-9.16-CVE-2022-38177.patch new file mode 100644 index 0000000..d40ea61 --- /dev/null +++ b/SOURCES/bind-9.16-CVE-2022-38177.patch @@ -0,0 +1,27 @@ +From 0095b8a6b09173ab5eb48611dc0233d2a6337dc1 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Tue, 20 Sep 2022 11:21:45 +0200 +Subject: [PATCH] Fix CVE-2022-38177 + +5961. [security] Fix memory leak in ECDSA verify processing. + (CVE-2022-38177) [GL #3487] +--- + lib/dns/opensslecdsa_link.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c +index 83b5b51..7576e04 100644 +--- a/lib/dns/opensslecdsa_link.c ++++ b/lib/dns/opensslecdsa_link.c +@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) { + siglen = DNS_SIG_ECDSA384SIZE; + + if (sig->length != siglen) +- return (DST_R_VERIFYFAILURE); ++ DST_RET(DST_R_VERIFYFAILURE); + + if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen)) + DST_RET (dst__openssl_toresult3(dctx->category, +-- +2.37.3 + diff --git a/SOURCES/bind-9.16-CVE-2022-38178.patch b/SOURCES/bind-9.16-CVE-2022-38178.patch new file mode 100644 index 0000000..eb45109 --- /dev/null +++ b/SOURCES/bind-9.16-CVE-2022-38178.patch @@ -0,0 +1,27 @@ +From bb68864bf05d29df644427ec841bc3db6a336519 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Tue, 20 Sep 2022 11:22:47 +0200 +Subject: [PATCH] Fix CVE-2022-38178 + +5962. [security] Fix memory leak in EdDSA verify processing. + (CVE-2022-38178) [GL #3487] +--- + lib/dns/openssleddsa_link.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c +index 8b115ec..4f3c2a8 100644 +--- a/lib/dns/openssleddsa_link.c ++++ b/lib/dns/openssleddsa_link.c +@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) { + siglen = DNS_SIG_ED448SIZE; + + if (sig->length != siglen) +- return (DST_R_VERIFYFAILURE); ++ DST_RET(DST_R_VERIFYFAILURE); + + isc_buffer_usedregion(buf, &tbsreg); + +-- +2.37.3 + diff --git a/SPECS/bind.spec b/SPECS/bind.spec index 98c23b4..a2f19a5 100644 --- a/SPECS/bind.spec +++ b/SPECS/bind.spec @@ -64,7 +64,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.4 -Release: 26%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.9 +Release: 26%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.10 Epoch: 32 Url: http://www.isc.org/products/BIND/ # @@ -183,6 +183,8 @@ Patch195: bind-9.11-CVE-2021-25215.patch Patch196: bind-9.11-CVE-2021-25214.patch Patch197: bind-9.11-rh2011220.patch Patch198: bind-9.11-rh1935152.patch +Patch200: bind-9.16-CVE-2022-38177.patch +Patch201: bind-9.16-CVE-2022-38178.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -558,6 +560,8 @@ are used for building ISC DHCP. %patch196 -p1 -b .CVE-2021-25214 %patch197 -p1 -b .rh2011220 %patch198 -p1 -b .rh1935152 +%patch200 -p1 -b .CVE-2022-38177 +%patch201 -p1 -b .CVE-2022-38178 # Override upstream builtin keys cp -fp %{SOURCE29} bind.keys @@ -1539,6 +1543,10 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Thu Sep 22 2022 Petr Menšík - 32:9.11.4-26.P2.10 +- Fix memory leak in ECDSA verify processing (CVE-2022-38177) +- Fix memory leak in EdDSA verify processing (CVE-2022-38178) + * Mon Jan 24 2022 Petr Menšík - 32:9.11.4-26.P2.9 - Fix possible assertion failure isc_refcount_current == 0 in free_rbtdb (#1935152)