diff --git a/SPECS/unbound/CVE-2024-43168.patch b/SPECS/unbound/CVE-2024-43168.patch
new file mode 100644
index 00000000000..280dbee1d95
--- /dev/null
+++ b/SPECS/unbound/CVE-2024-43168.patch
@@ -0,0 +1,25 @@
+From 193401e7543a1e561dd634a3eaae932fa462a2b9 Mon Sep 17 00:00:00 2001
+From: zhailiangliang
+Date: Wed, 3 Apr 2024 15:40:58 +0800
+Subject: [PATCH] fix heap-buffer-overflow issue in function cfg_mark_ports of
+ file util/config_file.c
+
+---
+ util/config_file.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/util/config_file.c b/util/config_file.c
+index 26185da02..e7b2f1959 100644
+--- a/util/config_file.c
++++ b/util/config_file.c
+@@ -1761,6 +1761,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ #endif
+ if(!mid) {
+ int port = atoi(str);
++ if(port < 0) {
++ log_err("Prevent out-of-bounds access to array avail");
++ return 0;
++ }
+ if(port == 0 && strcmp(str, "0") != 0) {
+ log_err("cannot parse port number '%s'", str);
+ return 0;
diff --git a/SPECS/unbound/unbound.spec b/SPECS/unbound/unbound.spec
index 4acc01c2541..33755c716fd 100644
--- a/SPECS/unbound/unbound.spec
+++ b/SPECS/unbound/unbound.spec
@@ -1,7 +1,7 @@
 Summary: unbound dns server
 Name: unbound
 Version: 1.19.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -9,6 +9,7 @@ Group: System/Servers
 URL: https://nlnetlabs.nl/projects/unbound/about/
 Source0: https://github.com/nlnetlabs/%{name}/archive/release-%{version}.tar.gz#/%{name}-release-%{version}.tar.gz
 Source1: %{name}.service
+Patch0: CVE-2024-43168.patch
 BuildRequires: expat-devel
 BuildRequires: libevent-devel
 BuildRequires: python3-devel
@@ -96,6 +97,9 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
 %{_mandir}/*
 %changelog
+* Thu Aug 15 2024 Aadhar Agarwal - 1.19.1-2
+- Add patch to fix CVE-2024-43168
+
 * Wed Feb 28 2024 CBL-Mariner Servicing Account - 1.19.1-1
 - Auto-upgrade to 1.19.1
 - Fix CVE-2023-50387
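Review bot: In the cfg_mark_ports hunk carried by CVE-2024-43168.patch, the added `port < 0` guard depends on `atoi(str)`, which reports no errors and has undefined behaviour when the value does not fit in an int, so only inputs that happen to come back negative are rejected; parsing with `strtol` and checking the end pointer, `errno` and the range would be more robust. The new message also states the internal reason rather than the bad input, unlike the neighbouring `cannot parse port number '%s'`; something like `log_err("port number '%s' must not be negative", str);` would tell the operator which value to fix. The function starts and ends outside this hunk, so the upper-bound check against `num` and the handling of the `mid` (range) case are not visible; confirm they bound every index into `avail` as well. As this file is a backport of an upstream commit, such changes are better made in a follow-up patch than by editing the backport.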
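Review bot: In unbound.spec, `Patch0: CVE-2024-43168.patch` is declared in the second hunk, but the %prep section is outside the visible hunks, so nothing here shows that the patch is applied during the build. If %prep uses plain `%setup`, add `%patch0 -p1` after it or switch to `%autosetup -p1`; otherwise the package would ship as release 2 without the fix. A build log showing the patch being applied would settle this.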