public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Martin Osvald <mosvald@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/nmap] rawhide: Fix CVE-2026-58058 (rhbz#2494410)
Date: Wed, 01 Jul 2026 12:53:13 GMT	[thread overview]
Message-ID: <178291039387.1.14497061366872348896.rpms-nmap-c90db96bd64f@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/nmap
Branch : rawhide
Commit : c90db96bd64f82519e3de4246d98e585290ef916
Author : Martin Osvald <mosvald@redhat.com>
Date   : 2026-06-30T09:31:31+02:00
Stats  : +28/-0 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/nmap/c/c90db96bd64f82519e3de4246d98e585290ef916?branch=rawhide

Log:
Fix CVE-2026-58058 (rhbz#2494410)

---
diff --git a/nmap-CVE-2026-58058.patch b/nmap-CVE-2026-58058.patch
new file mode 100644
index 0000000..9cee66f
--- /dev/null
+++ b/nmap-CVE-2026-58058.patch
@@ -0,0 +1,25 @@
+commit bb6754e76bb1686315008e1aa1c40202a513fb83
+Author: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
+Date:   Thu Jun 25 21:58:49 2026 +0000
+
+    Fix extension header parsing. Credit: Himanshu Anand
+
+diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc
+index 5a2daf187..ba7cfe71a 100644
+--- a/libnetutil/netutil.cc
++++ b/libnetutil/netutil.cc
+@@ -700,11 +700,13 @@ static const u8 *ipv6_get_data_primitive(const struct ip6_hdr *ip6, const u8 *pa
+   *nxt = ip6->ip6_nxt;
+   p += sizeof(*ip6);
+   while (p < end && ipv6_is_extension_header(*nxt)) {
+-    if (p + 2 > end)
++    if (p + 8 > end)
+       return NULL;
+     *nxt = *p;
+     p += (*(p + 1) + 1) * 8;
+   }
++  if (p >= end)
++    return NULL;
+ 
+   *len = end - p;
+   if (upperlayer_only && !ipv6_is_upperlayer(*nxt))

diff --git a/nmap.spec b/nmap.spec
index 4c75878..6db9f5a 100644
--- a/nmap.spec
+++ b/nmap.spec
@@ -31,6 +31,9 @@ Patch9: nmap-ems-ssl-enum-ciphers.patch
 Patch10: nmap-libpcap.patch
 # Fix OpenSSL 4.0 compatibility
 Patch11: nmap-openssl4.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2494410
+# https://github.com/nmap/nmap/commit/bb6754e
+Patch12: nmap-CVE-2026-58058.patch
 
 BuildRequires: automake make
 BuildRequires: autoconf

                 reply	other threads:[~2026-07-01 12:53 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178291039387.1.14497061366872348896.rpms-nmap-c90db96bd64f@fedoraproject.org \
    --to=mosvald@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox