rpms/dhcp/F-10 dhcp-4.0.0-CVE-2009-0692.patch, NONE, 1.1 dhcp-4.0.0-CVE-2009-1892.patch, NONE, 1.1 dhcp.spec, 1.233, 1.234

David Cantrell dcantrel at fedoraproject.org
Wed Aug 5 22:33:29 UTC 2009 

Author: dcantrel

Update of /cvs/pkgs/rpms/dhcp/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21847

Modified Files:
	dhcp.spec 
Added Files:
	dhcp-4.0.0-CVE-2009-0692.patch dhcp-4.0.0-CVE-2009-1892.patch 
Log Message:
* Wed Aug 05 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-37
- Fix for CVE-2009-0692
- Fix for CVE-2009-1892 (#511834)


dhcp-4.0.0-CVE-2009-0692.patch:
 dhclient.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- NEW FILE dhcp-4.0.0-CVE-2009-0692.patch ---
diff -up dhcp-4.0.0/client/dhclient.c.CVE-2009-0692 dhcp-4.0.0/client/dhclient.c
--- dhcp-4.0.0/client/dhclient.c.CVE-2009-0692	2007-11-30 11:51:42.000000000 -1000
+++ dhcp-4.0.0/client/dhclient.c	2009-08-05 12:10:19.000000000 -1000
@@ -2813,8 +2813,15 @@ void script_write_params (client, prefix
 		if (data.len > 3) {
 			struct iaddr netmask, subnet, broadcast;
 
-			memcpy (netmask.iabuf, data.data, data.len);
-			netmask.len = data.len;
+			/*
+			 * No matter the length of the subnet-mask option,
+			 * use only the first four octets.  Note that
+			 * subnet-mask options longer than 4 octets are not
+			 * in conformance with RFC 2132, but servers with this
+			 * flaw do exist.
+			 */
+			memcpy(netmask.iabuf, data.data, 4);
+			netmask.len = 4;
 			data_string_forget (&data, MDL);
 
 			subnet = subnet_number (lease -> address, netmask);

dhcp-4.0.0-CVE-2009-1892.patch:
 dhcp.c |    2 ++
 1 file changed, 2 insertions(+)

--- NEW FILE dhcp-4.0.0-CVE-2009-1892.patch ---
diff -up dhcp-4.0.0/server/dhcp.c.CVE-2009-1892 dhcp-4.0.0/server/dhcp.c
--- dhcp-4.0.0/server/dhcp.c.CVE-2009-1892	2007-11-02 12:09:02.000000000 -1000
+++ dhcp-4.0.0/server/dhcp.c	2009-08-05 12:11:26.000000000 -1000
@@ -1725,6 +1725,8 @@ void ack_lease (packet, lease, offer, wh
 				host_reference (&host, h, MDL);
 		}
 		if (!host) {
+			if (hp)
+				host_dereference (&hp, MDL);
 			find_hosts_by_haddr (&hp,
 					     packet -> raw -> htype,
 					     packet -> raw -> chaddr,


Index: dhcp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dhcp/F-10/dhcp.spec,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -p -r1.233 -r1.234
--- dhcp.spec	27 Jun 2009 02:34:43 -0000	1.233
+++ dhcp.spec	5 Aug 2009 22:33:29 -0000	1.234
@@ -4,7 +4,7 @@
 Summary:  DHCP (Dynamic Host Configuration Protocol) server and relay agent
 Name:     dhcp
 Version:  4.0.0
-Release:  36%{?dist}
+Release:  37%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -49,6 +49,8 @@ Patch19:  %{name}-4.0.0-inherit-leases.p
 Patch20:  %{name}-4.0.0-garbage-chars.patch
 Patch21:  %{name}-4.0.0-port-validation.patch
 Patch22:  %{name}-4.0.0-invalid-dhclient-conf.patch
+Patch23:  %{name}-4.0.0-CVE-2009-0692.patch
+Patch24:  %{name}-4.0.0-CVE-2009-1892.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf
@@ -212,6 +214,14 @@ client library.
 # The sample dhclient.conf should say 'supersede domain-search' (#467955)
 %patch22 -p1
 
+# Fix for CVE-2009-0692 (patch from Mandriva SRPM)
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
+%patch23 -p1
+
+# Fix for CVE-2009-1892 (patch from Mandriva SRPM)
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892
+%patch24 -p1
+
 # Copy in documentation and example scripts for LDAP patch to dhcpd
 %{__install} -p -m 0644 %{SOURCE5} .
 %{__install} -p -m 0644 %{SOURCE6} doc/
@@ -449,6 +459,10 @@ fi
 %{_libdir}/libdhcp4client.so
 
 %changelog
+* Wed Aug 05 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-37
+- Fix for CVE-2009-0692
+- Fix for CVE-2009-1892 (#511834)
+
 * Fri Jun 26 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-36
 - Fix SELinux denials in dhclient-script when the script makes backup
   configuration files and restores them later (#483747)

More information about the fedora-extras-commits mailing list