← Back to branch summary

~ubuntu-branches/ubuntu/maverick/ntp/maverick-proposed

~ubuntu-branches/ubuntu/maverick/ntp/maverick-proposed

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2009-0159.patch

Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2009-05-19 15:26:41 UTC
Revision ID: james.westby@ubuntu.com-20090519152641-ctb02x7tfqv5e9a8

Tags: 1:4.2.4p6+dfsg-1ubuntu2

* SECURITY UPDATE: stack overflow in ntpd when autokey is enabled
  - debian/patches/CVE-2009-1252.patch: update ntpd/ntp_crypto.c to use
    snprintf() with NTP_MAXSTRLEN when writing to statstr. Also defensively
    adjust ntp_peer.c and ntp_timer.c to do the same.
  - CVE-2009-1252
* SECURITY UPDATE: stack overflow in ntpq when contacting malicious ntp
  server
  - debian/patches/CVE-2009-0159.patch: increase size of buffer in
    cookedprint() in ntpq/ntpq.c and adjust to use snprintf()
  - CVE-2009-0159

files added:
debian/patches/CVE-2009-0159.patch

debian/patches/CVE-2009-1252.patch

files modified:
debian/changelog

debian/patches/series

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2009-0159.patch

1

#

2

# Upstream: https://support.ntp.org/bugs/show_bug.cgi?id=1144

3

# Patch: http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565

4

# Description: [Sec 1144] limited buffer overflow in ntpq. CVE-2009-0159

5

#

6

diff -Nur ntp-4.2.4p6+dfsg/ntpq/ntpq.c ntp-4.2.4p6+dfsg.new/ntpq/ntpq.c

7

--- ntp-4.2.4p6+dfsg/ntpq/ntpq.c 2009-05-13 11:56:10.000000000 -0500

8

+++ ntp-4.2.4p6+dfsg.new/ntpq/ntpq.c 2009-05-13 11:58:06.000000000 -0500

9

@@ -3185,9 +3185,9 @@

10

if (!decodeuint(value, &uval))

11

output_raw = '?';

12

else {

13

- char b[10];

14

+ char b[12];

15

16

- (void) sprintf(b, "%03lo", uval);

17

+ (void) snprintf(b, sizeof b, "%03lo", uval);

18

output(fp, name, b);

19

}

20

break;

Older »