diff --git a/SPECS/fluent-bit/CVE-2026-27135.patch b/SPECS/fluent-bit/CVE-2026-27135.patch new file mode 100644 index 000000000..791a6b217 --- /dev/null +++ b/SPECS/fluent-bit/CVE-2026-27135.patch @@ -0,0 +1,105 @@ +From 5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 Mon Sep 17 00:00:00 2001 +From: Tatsuhiro Tsujikawa +Date: Wed, 18 Feb 2026 18:04:30 +0900 +Subject: [PATCH] Fix missing iframe->state validations to avoid assertion + failure + +--- + lib/nghttp2_session.c | 32 ++++++++++++++++++++++++++++++++ + 1 file changed, 32 insertions(+) + +diff --git a/lib/nghttp2/lib/nghttp2_session.c b/lib/nghttp2/lib/nghttp2_session.c +index 51ed449..91a3960 100644 +--- a/lib/nghttp2/lib/nghttp2_session.c ++++ b/lib/nghttp2/lib/nghttp2_session.c +@@ -6027,6 +6027,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + return rv; + } + ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } ++ + on_begin_frame_called = 1; + + rv = session_process_headers_frame(session); +@@ -6393,6 +6397,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + if (nghttp2_is_fatal(rv)) { + return rv; + } ++ ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } + } + } + +@@ -6649,6 +6657,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + return rv; + } + ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } ++ + session_inbound_frame_reset(session); + + break; +@@ -6952,6 +6964,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + if (nghttp2_is_fatal(rv)) { + return rv; + } ++ ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } + } else { + iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK; + } +@@ -7124,6 +7140,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + if (nghttp2_is_fatal(rv)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } ++ ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } + } + } + } +@@ -7204,6 +7224,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + return rv; + } + ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } ++ + if (rv != 0) { + busy = 1; + +@@ -7222,6 +7246,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + return rv; + } + ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } ++ + session_inbound_frame_reset(session); + + break; +@@ -7250,6 +7278,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + return rv; + } + ++ if (iframe->state == NGHTTP2_IB_IGN_ALL) { ++ return (ssize_t)inlen; ++ } ++ + session_inbound_frame_reset(session); + + break; +-- +2.34.1 + diff --git a/SPECS/fluent-bit/fluent-bit.spec b/SPECS/fluent-bit/fluent-bit.spec index a8ed045be..0bda7c18a 100644 --- a/SPECS/fluent-bit/fluent-bit.spec +++ b/SPECS/fluent-bit/fluent-bit.spec @@ -1,7 +1,7 @@ Summary: Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX Name: fluent-bit Version: 3.1.10 -Release: 4%{?dist} +Release: 5%{?dist} License: Apache-2.0 Vendor: Intel Corporation Distribution: Edge Microvisor Toolkit @@ -22,6 +22,7 @@ Patch8: CVE-2025-12970.patch Patch9: CVE-2025-12977.patch Patch10: CVE-2025-12969.patch Patch11: CVE-2025-62408.patch +Patch12: CVE-2026-27135.patch BuildRequires: bison BuildRequires: cmake BuildRequires: cyrus-sasl-devel @@ -191,6 +192,9 @@ install -m 644 %{modulename}.pp %{buildroot}%{_datadir}/selinux/packages/%{modul %selinux_modules_uninstall -s %{selinuxtype} %{modulename} %changelog +* Fri Apr 17 2026 Basavarajx unniche - 3.1.10-5 +- Patch for CVE-2026-27135 + * Mon Feb 23 2026 Lee Chee Yang - 3.1.10-4 - merge from Azure Linux 3.0.20260107-3.0 - Patch for CVE-2025-62408