Two security issues were reported in exfat-utils:
http://openwall.com/lists/oss-security/2015/10/24/1

The upstream commits to fix the issues are linked in the message above. They are also fixed in 1.2.1.
CC: (none) => yann.cantin
Whiteboard: (none) => MGA5TOO
Pushed 1.2.1 to Cauldron and added patches from upstream to mga5's 1.1.0.

RPM/SRPM: exfat-utils-1.1.0-3.1.mga5

Suggested advisory:

####
Fix heap overflow and endless loop in exfatfsck

exfat-utils is a collection of tools to work with the exFAT filesystem. Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a write heap overflow and an endless loop. Especially at risk are systems that are configured to run filesystem checks automatically on external devices like USB flash drives.

A malformed input can cause a write heap overflow in the function verify_vbr_checksum. It might be possible to use this for code execution.

Another malformed input can cause an endless loop, leading to a possible denial of service.

References:
https://bugs.mageia.org/show_bug.cgi?id=17013
http://openwall.com/lists/oss-security/2015/10/24/1
####
CC: (none) => jani.valimaa
Assignee: jani.valimaa => qa-bugs
CC: (none) => davidwhodgins
Whiteboard: MGA5TOO => MGA5TOO advisory
Version: Cauldron => 5
Whiteboard: MGA5TOO advisory => advisory
CVE-2015-8026 assigned for the heap overflow: http://openwall.com/lists/oss-security/2015/10/29/13 There's no CVE for the endless loop. Please update the advisory.
Summary: exfat-utils new security issues fixed upstream in 1.2.1 => exfat-utils new security issues fixed upstream in 1.2.1 (CVE-2015-8026)
Testing complete mga5 32

Used test file from openwall report.

$ curl -O https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum

Before
======

# exfatfsck /home/claire/test/exfatfsck-heap-overflow-write-verify_vbr_checksum
exfatfsck 1.1.0
ERROR: invalid VBR checksum 0x45303030 (expected 0xbb38a2da).
*** Error in `exfatfsck': free(): invalid next size (fast): 0x08b9d080 ***
*** Error in `exfatfsck': malloc(): memory corruption: 0x08b9d090 ***
^C

After
=====

# exfatfsck /home/claire/test/exfatfsck-heap-overflow-write-verify_vbr_checksum
exfatfsck 1.1.0
ERROR: too big cluster size: 2^(48+48).
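The patched run above rejects the test image on its size shift fields (48+48) before doing any further work. The following is an added example, not part of this bug report and not exfat-utils code, showing that kind of range check on an untrusted boot sector; the field offsets and limits are taken from the exFAT specification as an assumption, and the function names and status codes are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Offsets and limits per the exFAT specification (assumption: not copied
   from exfat-utils). */
#define OFF_FS_NAME        3    /* "EXFAT   " */
#define OFF_SECTOR_BITS  108    /* BytesPerSectorShift */
#define OFF_SPC_BITS     109    /* SectorsPerClusterShift */
#define MIN_SECTOR_BITS    9    /* 512-byte sectors */
#define MAX_SECTOR_BITS   12    /* 4096-byte sectors */
#define MAX_CLUSTER_BITS  25    /* 32 MiB clusters */

enum vbr_status { VBR_OK, VBR_SHORT, VBR_NOT_EXFAT,
                  VBR_BAD_SECTOR_SIZE, VBR_BAD_CLUSTER_SIZE };

/* Validate the shift fields of an untrusted boot sector before any size
   derived from them is used to allocate or fill a buffer. */
enum vbr_status check_boot_sector(const uint8_t *bs, size_t len,
                                  size_t *sector_size)
{
    if (len < 512)
        return VBR_SHORT;
    if (memcmp(bs + OFF_FS_NAME, "EXFAT   ", 8) != 0)
        return VBR_NOT_EXFAT;
    uint8_t sector_bits = bs[OFF_SECTOR_BITS];
    uint8_t spc_bits = bs[OFF_SPC_BITS];
    if (sector_bits < MIN_SECTOR_BITS || sector_bits > MAX_SECTOR_BITS)
        return VBR_BAD_SECTOR_SIZE;
    /* Both operands are promoted to int, so the sum cannot wrap. */
    if (sector_bits + spc_bits > MAX_CLUSTER_BITS)
        return VBR_BAD_CLUSTER_SIZE;
    *sector_size = (size_t)1 << sector_bits;
    return VBR_OK;
}

/* Constructed sample: a 512-byte boot sector with the given shift fields. */
enum vbr_status check_sample(uint8_t sector_bits, uint8_t spc_bits,
                             size_t *sector_size)
{
    uint8_t bs[512];
    memset(bs, 0, sizeof bs);
    memcpy(bs + OFF_FS_NAME, "EXFAT   ", 8);
    bs[OFF_SECTOR_BITS] = sector_bits;
    bs[OFF_SPC_BITS] = spc_bits;
    return check_boot_sector(bs, sizeof bs, sector_size);
}
```

With the 48/48 values from the test output this check stops at the sector-size test, so its status code differs from the message the patched exfatfsck prints.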
Whiteboard: advisory => advisory has_procedure mga5-32-ok
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0422.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/662905/