Summary: | <net-libs/nDPI-4.0: stack buffer overflow in processClientServerHello (CVE-2021-36082) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | netmon, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393 | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 830403 | ||
Bug Blocks: |
Description
John Helmert III
2021-07-02 01:24:26 UTC
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Released in nDPI-4 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39868efcc6779ea5e5272c3434e4a59f0bae9aa1 commit 39868efcc6779ea5e5272c3434e4a59f0bae9aa1 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-03 11:20:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-03 11:21:21 +0000 net-analyzer/ntopng: add 5.0 As with nDPI, aware of the ar-directly and other similar bugs, but am trying to address this first upstream & go from there. Bug: https://bugs.gentoo.org/799782 Bug: https://bugs.gentoo.org/830403 Signed-off-by: Sam James <sam@gentoo.org> net-analyzer/ntopng/Manifest | 1 + net-analyzer/ntopng/ntopng-5.0.ebuild | 92 +++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa4c91dd460e1604ec58cc6b3531e8170812da3f commit fa4c91dd460e1604ec58cc6b3531e8170812da3f Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-03 10:50:06 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-03 11:21:20 +0000 net-libs/nDPI: add 4.0 Includes a patch which adds an API to allow ntopong to work too. (Working on ar/other build system patches upstream.) Bug: https://bugs.gentoo.org/799782 Bug: https://bugs.gentoo.org/625730 Closes: https://bugs.gentoo.org/830403 Thanks-to: Larry Sexton <sexton.larry048@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> net-libs/nDPI/Manifest | 2 ++ net-libs/nDPI/nDPI-4.0.ebuild | 59 ++++++++++++++++++++++++++++++++++++ net-libs/nDPI/nDPI-9999.ebuild | 68 ++++++++++++++++++++---------------------- 3 files changed, 93 insertions(+), 36 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=264f9235c9e09fa072e972c5587c4373d8c015f1 commit 264f9235c9e09fa072e972c5587c4373d8c015f1 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-08-16 21:23:11 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-16 21:23:11 +0000 net-libs/nDPI: drop 3.4 Bug: https://bugs.gentoo.org/799782 Signed-off-by: John Helmert III <ajak@gentoo.org> net-libs/nDPI/Manifest | 1 - .../files/nDPI-3.4-configure-fail-libcap.patch | 19 ------- .../nDPI-3.4-fix-oob-in-kerberos-dissector.patch | 16 ------ net-libs/nDPI/nDPI-3.4.ebuild | 65 ---------------------- 4 files changed, 101 deletions(-) Tree is clean, all done |