From 80dfe275e662347798cd1c65dfcf94241bab0766 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 12 2014 03:42:44 +0000
Subject: import gnutls-3.1.18-10.el7_0
---
diff --git a/SOURCES/gnutls-3.1.18-cve-2014-8564.patch b/SOURCES/gnutls-3.1.18-cve-2014-8564.patch
new file mode 100644
index 0000000..99c598d
--- /dev/null
+++ b/SOURCES/gnutls-3.1.18-cve-2014-8564.patch
@@ -0,0 +1,39 @@
+diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
+index 51abe7b..5816b96 100644
+--- a/lib/gnutls_ecc.c
++++ b/lib/gnutls_ecc.c
+@@ -53,12 +53,24 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
+
+ /* pad and store x */
+ byte_size = (_gnutls_mpi_get_nbits (x) + 7) / 8;
++ if (numlen < byte_size)
++ {
++ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++ goto cleanup;
++ }
++
+ size = out->size - (1 + (numlen - byte_size));
+ ret = _gnutls_mpi_print (x, &out->data[1 + (numlen - byte_size)], &size);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ byte_size = (_gnutls_mpi_get_nbits (y) + 7) / 8;
++ if (numlen < byte_size)
++ {
++ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++ goto cleanup;
++ }
++
+ size = out->size - (1 + (numlen + numlen - byte_size));
+ ret =
+ _gnutls_mpi_print (y, &out->data[1 + numlen + numlen - byte_size], &size);
+@@ -67,6 +79,9 @@ _gnutls_ecc_ansi_x963_export (gnutls_ecc_curve_t curve, bigint_t x, bigint_t y,
+
+ /* pad and store y */
+ return 0;
++cleanup:
++ _gnutls_free_datum(out);
++ return ret;
+ }
+
+
diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec
index 5ecc573..c1f3bc7 100644
--- a/SPECS/gnutls.spec
+++ b/SPECS/gnutls.spec
@@ -3,7 +3,7 @@ Summary: A TLS protocol implementation
 Name: gnutls
 Version: 3.1.18
-Release: 9%{?dist}
+Release: 10%{?dist}
 # The libraries are LGPLv2.1+, utilities are GPLv3+, however
 # the bundled gnulib is LGPLv3+
 License: GPLv3+ and LGPLv2+ and LGPLv3+
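Review bot: The context line `if (ret < 0) return gnutls_assert_val (ret);` after the x `_gnutls_mpi_print` call in lib/gnutls_ecc.c still returns directly, so it bypasses the `cleanup:` label that the new `numlen < byte_size` guards use to call `_gnutls_free_datum(out)`. If `out->data` is allocated earlier in `_gnutls_ecc_ansi_x963_export` (the allocation is outside the hunk), that error path leaves the buffer allocated while the new path frees it; routing it the same way, `ret = gnutls_assert_val (ret); goto cleanup;` inside braces, keeps the exits consistent. The matching check after the y `_gnutls_mpi_print` call lies between the two hunks and presumably needs the same change. A one-line comment on each guard, e.g. `/* coordinate wider than the curve size: numlen - byte_size would go negative or wrap and index outside out->data */`, would record why the check exists.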
@@ -40,6 +40,7 @@ Patch10: gnutls-3.1.18-suiteb.patch
 Patch11: gnutls-3.1.18-cve-2014-0092.patch
 Patch12: gnutls-3.1.18-server-hello-fix.patch
 Patch13: gnutls-3.1.18-fix-crash-on-certain-names.patch
+Patch14: gnutls-3.1.18-cve-2014-8564.patch
 # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
 Provides: bundled(gnulib) = 20130424
@@ -151,6 +152,7 @@ This package contains Guile bindings for the library.
 %patch11 -p1 -b .cve-2014-0092
 %patch12 -p1 -b .server-hello-fix
 %patch13 -p1 -b .fix-crash-on-certain-names
+%patch14 -p1 -b .cve-2014-8564
 %{SOURCE2} -e
@@ -285,6 +287,9 @@ fi
 %endif
 %changelog
+* Fri Nov 7 2014 Nikos Mavrogiannopoulos - 3.1.18-10
+- Applied fix for CVE-2014-8564 (#1161472)
+
 * Wed May 28 2014 Nikos Mavrogiannopoulos - 3.1.18-9
 - fix session ID length check (#1102027)
 - fixes null pointer dereference (#1101727)