rpms/ipsec-tools/FC-3 ipsec-tools-CVE-2005-3732.patch, NONE, 1.1 ipsec-tools.spec, 1.15, 1.16
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Dec 14 16:17:28 UTC 2005
Author: harald
Update of /cvs/dist/rpms/ipsec-tools/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv21589/FC-3
Modified Files:
ipsec-tools.spec
Added Files:
ipsec-tools-CVE-2005-3732.patch
Log Message:
add patch for DoS (CVE-2005-3732, #173841)
ipsec-tools-CVE-2005-3732.patch:
isakmp_agg.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
--- NEW FILE ipsec-tools-CVE-2005-3732.patch ---
--- ipsec-tools/src/racoon/isakmp_agg.c 2005/09/26 16:12:20 1.20.2.3
+++ ipsec-tools/src/racoon/isakmp_agg.c 2005/11/20 14:04:48 1.20.2.4
@@ -488,7 +488,11 @@
}
/* payload existency check */
- /* XXX to be checked each authentication method. */
+ if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "few isakmp message received.\n");
+ goto end;
+ }
/* verify identifier */
if (ipsecdoi_checkid1(iph1) != 0) {
@@ -888,7 +892,11 @@
}
/* payload existency check */
- /* XXX to be checked each authentication method. */
+ if (iph1->dhpub_p == NULL || iph1->nonce_p == NULL) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "few isakmp message received.\n");
+ goto end;
+ }
/* verify identifier */
if (ipsecdoi_checkid1(iph1) != 0) {
Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/dist/rpms/ipsec-tools/FC-3/ipsec-tools.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- ipsec-tools.spec 28 Mar 2005 19:21:20 -0000 1.15
+++ ipsec-tools.spec 14 Dec 2005 16:17:26 -0000 1.16
@@ -1,6 +1,6 @@
Name: ipsec-tools
Version: 0.5
-Release: 2.fc3
+Release: 2.fc3.1
Summary: Tools for configuring and using IPSEC
License: BSD
Group: System Environment/Base
@@ -17,6 +17,8 @@
Patch3: ipsec-tools-0.3.3-stdin.patch
Patch4: ipsec-tools-fix.diff
Patch5: ipsec-tools-0.5-64bit.patch
+Patch6: ipsec-tools-CVE-2005-3732.patch
+
BuildPrereq: openssl-devel, krb5-devel, bison, flex
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: initscripts >= 7.31.11.EL-1
@@ -36,6 +38,7 @@
%patch3 -p1
%patch4 -p0
%patch5 -p1
+%patch6 -p1 -b .CVE-2005-3732
mkdir -p kernel-headers/linux
cp %{SOURCE1} %{SOURCE2} %{SOURCE5} %{SOURCE6} kernel-headers/linux
@@ -90,6 +93,9 @@
%config(noreplace) /etc/racoon/racoon.conf
%changelog
+* Wed Dec 14 2005 Harald Hoyer <harald at redhat.com> 0.5-2.fc3.1
+- add patch for DoS (CVE-2005-3732, #173841)
+
* Mon Mar 14 2005 Bill Nottingham <notting at redhat.com> 0.5-2.fc3
- add patch for DoS (CAN-2005-0398, #145532)
More information about the fedora-cvs-commits
mailing list