File bsc1185382_CVE-2019-25031_f8875527.patch of Package unbound.32015
From f887552763477a606a9608b0f6b498685e0f6587 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Date: Wed, 20 Nov 2019 12:02:19 +0100 Subject: [PATCH] - Fix Config Injection in create_unbound_ad_servers.sh, reported by X41 D-Sec. --- contrib/create_unbound_ad_servers.sh | 7 +++++-- doc/Changelog | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git contrib/create_unbound_ad_servers.sh contrib/create_unbound_ad_servers.sh index d31f078b..49fdbffe 100644 --- contrib/create_unbound_ad_servers.sh +++ contrib/create_unbound_ad_servers.sh @@ -9,12 +9,13 @@ # Variables dst_dir="/etc/opt/csw/unbound" work_dir="/tmp" -list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" +list_addr="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" # OS commands CAT=`which cat` ECHO=`which echo` WGET=`which wget` +TR=`which tr` # Check Wget installed if [ ! -f $WGET ]; then @@ -22,8 +23,10 @@ if [ ! -f $WGET ]; then exit 1 fi +# remove special characters with tr to protect unbound.conf $WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \ $CAT $work_dir/yoyo_ad_servers | \ +$TR -d '";$\\' | \ while read line ; \ do \ $ECHO "local-zone: \"$line\" redirect" ;\ @@ -36,4 +39,4 @@ echo "Done." # the unbound_ad_servers file: # # include: $dst_dir/unbound_ad_servers -# \ No newline at end of file +# |diff --git doc/Changelog doc/Changelog |index e6562e98..a4f6d873 100644 |--- doc/Changelog |+++ doc/Changelog |@@ -12,6 +12,8 @@ | reported by X41 D-Sec. | - Fix Out-of-Bounds Read in dname_valid(), | reported by X41 D-Sec. |+ - Fix Config Injection in create_unbound_ad_servers.sh, |+ reported by X41 D-Sec. | | 19 November 2019: Wouter | - Fix CVE-2019-18934, shell execution in ipsecmod. -- 2.26.2
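Review bot: In the first hunk of contrib/create_unbound_ad_servers.sh (`# OS commands`), `TR` is resolved with `which tr` but never verified, while `WGET` gets an explicit `if [ ! -f $WGET ]` check right below it. Since `$TR` is now the stage that protects unbound.conf, add the same kind of test for it and exit with an error when it is missing, so the script cannot run the pipeline with an empty filter command.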
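Review bot: In the second hunk, `$TR -d '";$\\'` is a denylist of four characters applied to downloaded data that is then written inside `local-zone: \"$line\" redirect`. An allowlist would be stricter and easier to reason about: keep only characters that can appear in a hostname plus the newline that `read` depends on, for example `$TR -cd 'A-Za-z0-9._\n-'`. The loop should also skip lines that are empty after filtering, because as written they would be emitted as a `local-zone` entry with an empty name.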
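Review bot: The doc/Changelog hunk records only "Fix Config Injection in create_unbound_ad_servers.sh", but the same commit also switches `list_addr` from http to https. Mention the transport change in the entry so that readers of the changelog know the download URL scheme changed along with the `tr` filter.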