5afa2320ec
Fix CVE-2021-40114: Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU https://www.snort.org/downloads/snort/changelog_2.9.18.1.txt Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
78 lines
2.8 KiB
Diff
78 lines
2.8 KiB
Diff
From eae97632157b73f0ca7c099232617b2777d0fa54 Mon Sep 17 00:00:00 2001
|
|
From: Sergio Prado <sergio.prado@e-labworks.com>
|
|
Date: Sat, 21 Dec 2019 12:00:42 -0300
|
|
Subject: [PATCH] Fix error when building on a Fedora host machine.
|
|
|
|
Remove the code that adds unsafe header/library path when
|
|
cross-compiling on a Fedora host machine.
|
|
|
|
Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
|
|
[Fabrice: Update for 2.9.18.1 (also fix build on Centos host machine)]
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
---
|
|
configure.in | 24 ------------------------
|
|
1 file changed, 24 deletions(-)
|
|
|
|
diff --git a/configure.in b/configure.in
|
|
index e6586f399898..fb35d4d7e3e3 100644
|
|
--- a/configure.in
|
|
+++ b/configure.in
|
|
@@ -957,54 +957,6 @@ if test "x$enable_dlclose" = "xno"; then
|
|
AC_DEFINE([DISABLE_DLCLOSE_FOR_VALGRIND_TESTING],[1],[Don't close opened shared objects for valgrind leak testing of dynamic libraries])
|
|
fi
|
|
|
|
-##################################################
|
|
-# Fedora 28+ does not have inbuilt SunRPC support#
|
|
-# in glibc and is separately availble in tirpc #
|
|
-# package. Make sure we've got the library and #
|
|
-# link it #
|
|
-##################################################
|
|
-
|
|
-if test -f /etc/fedora-release ; then
|
|
- DISTRO_VERSION=$(awk '{ print $3 }' /etc/fedora-release)
|
|
- if test $DISTRO_VERSION -ge 28 ; then
|
|
- TIRPC=""
|
|
- AC_CHECK_LIB(tirpc,bindresvport,, TIRPC="no")
|
|
- echo "$TIRPC"
|
|
- if test "x$TIRPC" = "xno"; then
|
|
- echo
|
|
- echo " ERROR! tirpc not found, get it by running "
|
|
- echo " yum install libtirpc-devel "
|
|
- exit
|
|
- fi
|
|
- LIBS="${LIBS} -ltirpc"
|
|
- extra_incl="-I/usr/include/tirpc"
|
|
- fi
|
|
-fi
|
|
-
|
|
-##################################################
|
|
-# Centos 8+ does not have inbuilt SunRPC support #
|
|
-# in glibc and is separately availble in tirpc #
|
|
-# package. Make sure we've got the library and #
|
|
-# link it #
|
|
-##################################################
|
|
-if test -f /etc/centos-release ; then
|
|
- LINUX_FLAVOUR=$(awk '{ print $1 }' /etc/centos-release)
|
|
- DISTRO_VERSION=`cut -d ' ' -f 4 /etc/centos-release | cut -d '.' -f 1`
|
|
- if [[ "$LINUX_FLAVOUR" == "CentOS" ]] && [[ $DISTRO_VERSION -ge 8 ]]; then
|
|
- TIRPC=""
|
|
- AC_CHECK_LIB(tirpc,bindresvport,, TIRPC="no")
|
|
- echo "$TIRPC"
|
|
- if test "x$TIRPC" = "xno"; then
|
|
- echo
|
|
- echo " ERROR! tirpc not found, get it by running "
|
|
- echo " yum install libtirpc-devel or dnf install libtirpc-devel"
|
|
- exit
|
|
- fi
|
|
- LIBS="${LIBS} -ltirpc"
|
|
- extra_incl="-I/usr/include/tirpc"
|
|
- fi
|
|
-fi
|
|
-
|
|
Z_LIB=""
|
|
AC_CHECK_HEADERS(zlib.h,, Z_LIB="no")
|
|
if test "x$Z_LIB" = "xno"; then
|
|
--
|
|
2.17.1
|
|
|