Sergei Lukin: 1 main/busybox: security fixes #6618 2 files changed, 55 insertions(+), 5 deletions(-)
Copy & paste the following snippet into your terminal to import this patchset into git:
curl -s https://lists.alpinelinux.org/~alpine/aports/patches/29/mbox | git am -3Learn more about email & git
CVE-2016-6301: NTP server denial of service flaw --- main/busybox/APKBUILD | 20 +++++++++++++++----- main/busybox/CVE-2016-6301.patch | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 main/busybox/CVE-2016-6301.patch diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD index 0f3b54b..872cd75 100644 --- a/main/busybox/APKBUILD +++ b/main/busybox/APKBUILD @@ -1,8 +1,9 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=busybox pkgver=1.24.2 -pkgrel=0 +pkgrel=1 pkgdesc="Size optimized toolbox of many common UNIX utilities" url=http://busybox.net arch="all" @@ -46,7 +47,13 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 acpid.logrotate busyboxconfig - glibc.patch" + glibc.patch + CVE-2016-6301.patch + " + +# secfixes: +# 1.24.2-r1: +# - CVE-2016-6301 _sdir="$srcdir"/$pkgname-$pkgver _staticdir="$srcdir"/build-static @@ -181,7 +188,8 @@ f82d49c891c02516462db3cda29ccca7 3003-su-FEATURE_SU_NULLOK_SECURE.patch a4d1cf64fd1835a284ccc6dbc78e3ce0 0001-ash-fix-error-during-recursive-processing-of-here-do.patch 4046b78ee6a25259954797d73b94f4bd acpid.logrotate 5cddea6331e6aff69869568b679186ec busyboxconfig -befaac2c59c380e36a452b3f1c1d4a3a glibc.patch" +befaac2c59c380e36a452b3f1c1d4a3a glibc.patch +b23dd4bd38216d05d88287371d35513a CVE-2016-6301.patch" sha256sums="e71ef53ec656f31c42633918d301405d40dea1d97eca12f272217ae4a971c855 busybox-1.24.2.tar.bz2 81957f1fe0c386120dad1c8174ccc1fcfeed98c14d229db7d164d4fb4c938b3d bbsuid.c 9bbf0bec82e6d6907474958f3be048c54657fbf49207810b7e4d4d6146f0069d nologin.c @@ -207,7 +215,8 @@ f712ce190ce86084d56977e125d1561615394f3d9b840e926537868260e19d79 0001-ash-backp 1d3f8f7b6d0972f8e56437fce8efbafe70e2d869fbe82f06eba11e0103fce224 0001-ash-fix-error-during-recursive-processing-of-here-do.patch f7cbeb5a5a47395ad30454ce8262abcd3e91c33ef803c2ae31a9258d7142dd48 acpid.logrotate ddc0c2e87e37a5e6cc878c5c5c14093c43b361a4d32eee813e0f0b01900efb9e busyboxconfig -c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0 glibc.patch" +c604ef791c31d35a8c5ee4558d21428a46f37a6d762c4a7e29864f4037fc44a0 glibc.patch +0bffce454b303b832a19946006eebcb217fa6e14a3c638170bd003dc66504e77 CVE-2016-6301.patch" sha512sums="4d20fb68ee440be2855231c7fd5f3cb9dd9bfcc1a688f0b59cd3f7a55c8819e9cc44bd15f91500713571f2a84e5e44adc0fa8ae0ae3ebf63961dfc9e1c9ef8e0 busybox-1.24.2.tar.bz2 16b3dd6a8b76b062d51458351fcb44f84b49eb4bf898584c933df90fb2cb3966f9547865a4d7447589bb20b7c203beb04ff7512f76f85d29138d2cff4eb9ee81 bbsuid.c 4e7c291a70e879b74c0fc07c54a73ef50537d8be68fee6b2d409425c07afd2d67f9b6afcd8c33a7971014913cc5de85e45079681c9e77200c6cc2f34acfba6d2 nologin.c @@ -233,4 +242,5 @@ d55cab6ed08434e2a278edf1be6171b921bcaee47598988e4de6b390a01569e10394c54d5d4a27e6 c14a632f9477c13ea99b24a73c81c9c44ead8b536970acd758e739b43a6260860039674341192ce7bb20a9204ee7d93dcd9541e526f2437d4d2d88637b400867 0001-ash-fix-error-during-recursive-processing-of-here-do.patch dadb4c953ebc755b88ee95c1489feb0c2d352f6e44abc716166024e6eea11ab9d10c84fad62c081775834d205cb04aa1be3c994676c88f4284495c54b9188e8b acpid.logrotate 249f9c4769b7e20149109810bed8ed48c87e7e67817f27fbb620857bb3db1857f2d1616c4badba5c9eb2b6a1a14a15e89327b8c5f3c2d3ea15d09e252bab2a20 busyboxconfig -1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc glibc.patch" +1d2739379dab1deb3eae7cffd4845300eb7d30f7343b4a1209b21a5680860d55080ad45fdefe098b249ce3040c01951fa7f0a79cd447b2d7b260eb000099d9dc glibc.patch +a3030e07a30951b2c4a292670f2ff87541c2a84322525422505f1e3f578021b87c004d0180e5f4219bd1befef2981283b331eb3471de0ae6e4bf44dba8fab502 CVE-2016-6301.patch" diff --git a/main/busybox/CVE-2016-6301.patch b/main/busybox/CVE-2016-6301.patch new file mode 100644 index 0000000..fc736cf --- /dev/null +++ b/main/busybox/CVE-2016-6301.patch @@ -0,0 +1,40 @@ +From 150dc7a2b483b8338a3e185c478b4b23ee884e71 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar <mlichvar@redhat.com> +Date: Mon, 1 Aug 2016 20:24:24 +0200 +Subject: ntpd: respond only to client and symmetric active packets + +The busybox NTP implementation doesn't check the NTP mode of packets +received on the server port and responds to any packet with the right +size. This includes responses from another NTP server. An attacker can +send a packet with a spoofed source address in order to create an +infinite loop of responses between two busybox NTP servers. Adding +more packets to the loop increases the traffic between the servers +until one of them has a fully loaded CPU and/or network. + +Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + networking/ntpd.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/networking/ntpd.c b/networking/ntpd.c +index 130cef0..8ca62cf 100644 +--- a/networking/ntpd.c ++++ b/networking/ntpd.c +@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int fd*/) + goto bail; + } + ++ /* Respond only to client and symmetric active packets */ ++ if ((msg.m_status & MODE_MASK) != MODE_CLIENT ++ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT ++ ) { ++ goto bail; ++ } ++ + query_status = msg.m_status; + query_xmttime = msg.m_xmttime; + +-- +cgit v0.12 + -- 2.6.6 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---