6da327adb2
Add a fix for CVE-2017-9445: In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. The other patch fixes an issue with the security fix. [Peter: use CVE description from MITRE] Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Cc: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-fix-getty-unit.patch | ||
| 0002-build-check-for-ln-relative.patch | ||
| 0003-fix-am-path-libgcrypt-no-found.patch | ||
| Config.in | ||
| dhcp.network | ||
| network.service | ||
| systemd.hash | ||
| systemd.mk | ||