Browse code
Fix glibc CVE-2016-5417
Change-Id: If5939f5eec6ce6e5c68e4fda686a327ac46b224c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4471
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Tested-by: Anish Swaminathan <anishs@vmware.com>
suezzelur authored on 2017/12/07 10:48:57Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,24 @@ |
| 0 |
+From 5e7fdabd7df1fc6c56d104e61390bf5a6b526c38 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Andreas Schwab <schwab@suse.de> |
|
| 2 |
+Date: Wed, 18 Nov 2015 15:45:59 +0100 |
|
| 3 |
+Subject: [PATCH] Fix resource leak in resolver (bug 19257) |
|
| 4 |
+ |
|
| 5 |
+The number of currently defined nameservers is stored in ->nscount, |
|
| 6 |
+whereas ->_u._ext.nscount is set by __libc_res_nsend only after local |
|
| 7 |
+initializations. |
|
| 8 |
+diff --git a/resolv/res_init.c b/resolv/res_init.c |
|
| 9 |
+index 128004a..02590fb 100644 |
|
| 10 |
+--- a/resolv/res_init.c |
|
| 11 |
+@@ -580,7 +580,7 @@ __res_iclose(res_state statp, bool free_addr) {
|
|
| 12 |
+ statp->_vcsock = -1; |
|
| 13 |
+ statp->_flags &= ~(RES_F_VC | RES_F_CONN); |
|
| 14 |
+ } |
|
| 15 |
+- for (ns = 0; ns < statp->_u._ext.nscount; ns++) |
|
| 16 |
++ for (ns = 0; ns < statp->nscount; ns++) |
|
| 17 |
+ if (statp->_u._ext.nsaddrs[ns]) {
|
|
| 18 |
+ if (statp->_u._ext.nssocks[ns] != -1) {
|
|
| 19 |
+ close_not_cancel_no_status(statp->_u._ext.nssocks[ns]); |
|
| 20 |
+-- |
|
| 21 |
+2.9.3 |
|
| 22 |
+ |
| ... | ... |
@@ -6,7 +6,7 @@ |
| 6 | 6 |
Summary: Main C library |
| 7 | 7 |
Name: glibc |
| 8 | 8 |
Version: 2.22 |
| 9 |
-Release: 16%{?dist}
|
|
| 9 |
+Release: 17%{?dist}
|
|
| 10 | 10 |
License: LGPLv2+ |
| 11 | 11 |
URL: http://www.gnu.org/software/libc |
| 12 | 12 |
Group: Applications/System |
| ... | ... |
@@ -43,6 +43,8 @@ Patch17: glibc-fix-CVE-2017-15670.patch |
| 43 | 43 |
Patch18: glibc-fix-CVE-2017-15804.patch |
| 44 | 44 |
#https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=20f534e0abd81149c71cef082c8c058bb9d953af |
| 45 | 45 |
Patch19: glibc-fix-CVE-2015-5180.patch |
| 46 |
+#https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=5e7fdabd7df1fc6c56d104e61390bf5a6b526c38 |
|
| 47 |
+Patch20: glibc-2.22-CVE-2016-5417.patch |
|
| 46 | 48 |
Provides: rtld(GNU_HASH) |
| 47 | 49 |
Requires: filesystem |
| 48 | 50 |
%description |
| ... | ... |
@@ -88,6 +90,7 @@ sed -i 's/\\$$(pwd)/`pwd`/' timezone/Makefile |
| 88 | 88 |
%patch17 -p1 |
| 89 | 89 |
%patch18 -p1 |
| 90 | 90 |
%patch19 -p1 |
| 91 |
+%patch20 -p1 |
|
| 91 | 92 |
install -vdm 755 %{_builddir}/%{name}-build
|
| 92 | 93 |
# do not try to explicitly provide GLIBC_PRIVATE versioned libraries |
| 93 | 94 |
%define __find_provides %{_builddir}/%{name}-%{version}/find_provides.sh
|
| ... | ... |
@@ -214,6 +217,8 @@ popd |
| 214 | 214 |
%{_datarootdir}/locale/locale.alias
|
| 215 | 215 |
|
| 216 | 216 |
%changelog |
| 217 |
+* Tue Dec 5 2017 Anish Swaminathan <anishs@vmware.com> 2.22-17 |
|
| 218 |
+- Fix CVE-2016-5417 |
|
| 217 | 219 |
* Tue Nov 14 2017 Xiaolin Li <xiaolinl@vmware.com> 2.22-16 |
| 218 | 220 |
- Fix CVE-2015-5180 |
| 219 | 221 |
* Wed Oct 25 2017 Xiaolin Li <xiaolinl@vmware.com> 2.22-15 |