From 6933d411f54823a0779b03779500402a710e3b12 Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
Date: Tue, 30 Jun 2026 09:08:08 +0000
Subject: [PATCH] Patch nmap for CVE-2026-58058
---
 SPECS/nmap/CVE-2026-58058.patch | 33 +++++++++++++++++++++++++++++++++
 SPECS/nmap/nmap.spec | 6 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/nmap/CVE-2026-58058.patch
diff --git a/SPECS/nmap/CVE-2026-58058.patch b/SPECS/nmap/CVE-2026-58058.patch
new file mode 100644
index 00000000000..f741f6c9e2b
--- /dev/null
+++ b/SPECS/nmap/CVE-2026-58058.patch
@@ -0,0 +1,33 @@
+From fa30389e3aab8a83b991e62944eaa5ab6cd6fbda Mon Sep 17 00:00:00 2001
+From: dmiller
+Date: Thu, 25 Jun 2026 21:58:49 +0000
+Subject: [PATCH] Fix extension header parsing. Credit: Himanshu Anand
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83.patch
+---
+ libnetutil/netutil.cc | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc
+index 011d249..e837b6c 100644
+--- a/libnetutil/netutil.cc
++++ b/libnetutil/netutil.cc
+@@ -621,11 +621,13 @@ static const void *ipv6_get_data_primitive(const struct ip6_hdr *ip6,
+ *nxt = ip6->ip6_nxt;
+ p += sizeof(*ip6);
+ while (p < end && ipv6_is_extension_header(*nxt)) {
+- if (p + 2 > end)
++ if (p + 8 > end)
+ return NULL;
+ *nxt = *p;
+ p += (*(p + 1) + 1) * 8;
+ }
++ if (p >= end)
++ return NULL;
+
+ *len = end - p;
+ if (upperlayer_only && !ipv6_is_upperlayer(*nxt))
+--
+2.45.4
+
diff --git a/SPECS/nmap/nmap.spec b/SPECS/nmap/nmap.spec
index 9b2bf1146bc..35537ac4791 100644
--- a/SPECS/nmap/nmap.spec
+++ b/SPECS/nmap/nmap.spec
@@ -1,7 +1,7 @@
 Summary: Nmap Network Mapper
 Name: nmap
 Version: 7.95
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Nmap
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
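Review bot: In the embedded netutil.cc hunk of CVE-2026-58058.patch, the new `p + 8 > end` guard bounds only the first 8 bytes of an extension header, while the advance `p += (*(p + 1) + 1) * 8` can still move `p` well past `end` (by as much as 2048 bytes if `p` is a byte pointer). The added `if (p >= end)` after the loop does stop that value from reaching `*len = end - p`, but only after an out-of-range pointer has already been formed, which is undefined behaviour and something an optimiser is allowed to reason around. Comparing lengths instead of pointers keeps `p` in range: `if (end - p < 8) return NULL;` at the top of the loop and `if ((*(p + 1) + 1) * 8 > end - p) return NULL;` before the advance. Separately, `p >= end` now also rejects a packet whose headers end exactly at `end`, where the old code would have reported a `*len` of 0; that is presumably intended upstream, but worth confirming against callers that accept an empty payload. The body of ipv6_get_data_primitive starts and ends outside the hunk, so the declarations of `p`, `end` and `len` are not visible here.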
@@ -22,6 +22,7 @@ Patch0: remove_openssl_macro.patch Patch1: CVE-2024-8006.patch Patch2: CVE-2023-7256.patch Patch3: CVE-2025-11961.patch +Patch4: CVE-2026-58058.patch %description Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. @@ -66,6 +67,9 @@ ln -s ncat %{buildroot}%{_bindir}/nc %{_bindir}/nc %changelog +* Tue Jun 30 2026 Azure Linux Security Servicing Account - 7.95-4 +- Patch for CVE-2026-58058 + * Mon Jan 05 2026 Azure Linux Security Servicing Account - 7.95-3 - Patch for CVE-2025-11961