Hello community, here is the log from the commit of package dhcp for openSUSE:12.1:Update:Test checked in at 2011-12-09 16:44:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/dhcp (Old) and /work/SRC/openSUSE:12.1:Update:Test/.dhcp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "dhcp", Maintainer is "mt@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/dhcp/dhcp.changes 2011-12-09 16:44:57.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.dhcp.new/dhcp.changes 2011-12-09 16:44:58.000000000 +0100 @@ -1,0 +2,10 @@ +Fri Dec 9 13:20:44 UTC 2011 - mt@suse.com + +- Applied security fix for a DoS due to processing certain regular + expressions, extracted from 4.2.3-P1 (bnc#735610, CVE-2011-4539): + * Add a check for a null pointer before calling the regexec function. + Without out this check we could, under some circumstances, pass + a null pointer to the regexec function causing it to segfault. + Thanks to a report from BlueCat Networks. [ISC-Bugs #26704] + +------------------------------------------------------------------- New: ---- dhcp-4.2.2-CVE-2011-4539-regex-DoS.bnc735610.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dhcp.spec ++++++ --- /var/tmp/diff_new_pack.qElZuk/_old 2011-12-09 16:44:58.000000000 +0100 +++ /var/tmp/diff_new_pack.qElZuk/_new 2011-12-09 16:44:58.000000000 +0100 @@ -88,6 +88,7 @@ Patch45: dhcp-4.2.2-dhclient-option-checks.bnc675052.diff Patch46: dhcp-4.2.2-close-on-exec.diff Patch47: dhcp-4.2.2-quiet-dhclient.bnc711420.diff +Patch48: dhcp-4.2.2-CVE-2011-4539-regex-DoS.bnc735610.diff ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -216,6 +217,7 @@ %patch45 -p1 %patch46 -p1 %patch47 -p1 +%patch48 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* ++++++ dhcp-4.2.2-CVE-2011-4539-regex-DoS.bnc735610.diff ++++++
From 34f5e08fd3265f950b460dd5886d15984e69a765 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski
Date: Fri, 9 Dec 2011 13:45:53 +0100 Subject: [PATCH] CVE-2011-4539 regex DoS
Extracted from 4.2.3-P1:
Add a check for a null pointer before calling the regexec function.
Without out this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks. [ISC-Bugs #26704].
Signed-off-by: Marius Tomaschewski