From 290b0672d4fdf1bac17b93f301afc427b8676e57 Mon Sep 17 00:00:00 2001 From: Igor Raits Date: Dec 01 2021 18:07:38 +0000 Subject: Fix CVE-2021-23017 Signed-off-by: Igor Raits --- diff --git a/SOURCES/nginx-1.14.1-CVE-2021-23017.patch b/SOURCES/nginx-1.14.1-CVE-2021-23017.patch new file mode 100644 index 0000000..3d033f8 --- /dev/null +++ b/SOURCES/nginx-1.14.1-CVE-2021-23017.patch @@ -0,0 +1,34 @@ +From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001 +From: Maxim Dounin +Date: Tue, 25 May 2021 15:17:36 +0300 +Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy(). + +Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH. +--- + src/core/ngx_resolver.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c +index 7939070102..63b26193df 100644 +--- a/src/core/ngx_resolver.c ++++ b/src/core/ngx_resolver.c +@@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src, + n = *src++; + + } else { ++ if (dst != name->data) { ++ *dst++ = '.'; ++ } ++ + ngx_strlow(dst, src, n); + dst += n; + src += n; + + n = *src++; +- +- if (n != 0) { +- *dst++ = '.'; +- } + } + + if (n == 0) { diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec index 3c4911c..265b67c 100644 --- a/SPECS/nginx.spec +++ b/SPECS/nginx.spec @@ -19,7 +19,7 @@ Name: nginx Epoch: 1 Version: 1.14.1 -Release: 9%{?dist} +Release: 10%{?dist} Summary: A high performance web server and reverse proxy server Group: System Environment/Daemons @@ -70,6 +70,7 @@ Patch5: nginx-1.14.1-enable-tls1v3-by-default.patch Patch200: nginx-1.14.1-CVE-2019-9511.patch Patch201: nginx-1.14.1-CVE-2019-9513.patch Patch202: nginx-1.14.1-CVE-2019-9516.patch +Patch203: https://github.com/nginx/nginx/commit/9f1dcb0c0473641730b871dee984016ff19d2c53.patch#/nginx-1.14.1-CVE-2021-23017.patch %if 0%{?with_gperftools} BuildRequires: gperftools-devel @@ -214,6 +215,7 @@ Requires: nginx %patch200 -p1 %patch201 -p1 %patch202 -p1 +%patch203 -p1 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} . @@ -485,6 +487,9 @@ fi %changelog +* Wed Dec 01 2021 Igor Raits - 1:1.14.1-10 +- Fix CVE-2021-23017 + * Fri Aug 30 2019 Lubos Uhliarik - 1:1.14.1-9 - Resolves: #1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of data request leads to denial of service