| Summary: | libarchive new security issue CVE-2013-0211 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/546489/ | ||
| Whiteboard: | has_procedure mga2-32-ok MGA2-64-OK | ||
| Source RPM: | libarchive-3.0.4-2.mga3.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-04-08 23:00:07 CEST
David Walser
2013-04-08 23:00:14 CEST
Whiteboard:
(none) =>
MGA2TOO Patched packages uploaded for Mageia 2 and Cauldron. Patch checked into Mageia 1 SVN. Advisory: ======================== Updated libarchive packages fix security vulnerability: Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives (CVE-2013-0211). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html ======================== Updated packages in core/updates_testing: ======================== libarchive12-3.0.3-1.1.mga2 libarchive-devel-3.0.3-1.1.mga2 bsdtar-3.0.3-1.1.mga2 bsdcpio-3.0.3-1.1.mga2 from libarchive-3.0.3-1.1.mga2.src.rpm Version:
Cauldron =>
2 Testing complete mga2 32 Testing libarchive12 with ark, opening several formats including iso which failed with a previous update. Testing bsdtar and bsdcpio separately $ ls *.jpg | bsdcpio -ov > somefiles.cpio 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg 5422 blocks $ bsdcpio -it < somefiles.cpio 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg 5422 blocks $ cd tmp $ cpio -iv < ~/somefiles.cpio 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg 5422 blocks $ ls 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg $ bsdtar cJf tarfile.tar.xz *.jpg $ ls 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg tarfile.tar.xz $ file tarfile.tar.xz tarfile.tar.xz: XZ compressed data $ rm -f *.jpg $ bsdtar xJf tarfile.tar.xz $ ls 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg tarfile.tar.xz Whiteboard:
(none) =>
has_procedure mga2-32-ok Testing complete on Mageia 2 x86-64. Could someone from the sysadmin team push the srpm libarchive-3.0.3-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated libarchive packages fix security vulnerability: Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives (CVE-2013-0211). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html https://bugs.mageia.org/show_bug.cgi?id=9671 Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0119 Status:
NEW =>
RESOLVED |