Bug 22739 - sharutils new heap buffer overflow security issue (CVE-2018-1000097)
Summary: sharutils new heap buffer overflow security issue (CVE-2018-1000097)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: mga6-64-ok
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2018-03-11 14:54 CET by David Walser
Modified: 2018-03-31 21:31 CEST (History)
2 users (show)

See Also:
Source RPM: sharutils-4.15.2-2.mga6.src.rpm
CVE:
Status comment: Patch available from Fedora


Attachments

Description David Walser 2018-03-11 14:54:01 CET
Fedora has issued an advisory on March 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSTLNKMVXDRS7L32VJ5TIEL4Q4PVSGNE/

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-03-11 14:54:20 CET

Whiteboard: (none) => MGA6TOO
Status comment: (none) => Patch available from Fedora

Stig-Ørjan Smelror 2018-03-12 00:55:51 CET

CC: (none) => smelror
Assignee: bugsquad => smelror

Comment 1 Stig-Ørjan Smelror 2018-03-12 01:09:53 CET
Advisory
========

It was discovered that unshar from sharutils contained a heap buffer overflow flaw that could result in a Denial of Service attack when processing a shar archive if the archive contains overlong lines.

References
==========
https://bugzilla.redhat.com/show_bug.cgi?id=1548018
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSTLNKMVXDRS7L32VJ5TIEL4Q4PVSGNE/

Files
=====

Uploaded to core/update_testing:

sharutils-4.15.2-2.1.mga6

from sharutils-4.15.2-2.1.mga6.src.rpm

Version: Cauldron => 6
Assignee: smelror => qa-bugs
Whiteboard: MGA6TOO => (none)

Comment 2 claire robinson 2018-03-16 18:54:52 CET
Testing complete mga6 64

Before
------
$ echo "blah blah blah" >testfile

$ shar testfile > testfile.shar
shar: Saving testfile (text)

$ file testfile.shar
testfile.shar: shell archive text

$ rm testfile
rm: remove regular file 'testfile'? y

$ unshar testfile.shar
testfile.shar:
x - created lock directory _sh24030.
x - extracting testfile (text)
x - removed lock directory _sh24030.

$ cat testfile
blah blah blah


After
-----
$ rm testfile.shar
rm: remove regular file 'testfile.shar'? y

$ shar testfile > testfile.shar
shar: Saving testfile (text)

$ file testfile.shar
testfile.shar: shell archive text

$ rm testfile
rm: remove regular file 'testfile'? y

$ unshar testfile.shar
testfile.shar:
x - created lock directory _sh24838.
x - extracting testfile (text)
x - removed lock directory _sh24838.

$ cat testfile
blah blah blah

Whiteboard: (none) => mga6-64-ok
Keywords: (none) => has_procedure

Comment 3 Lewis Smith 2018-03-17 21:09:18 CET
Thanks Claire for the test. Validating it.

@David @Stig
The advisory has no CVE; it is uploaded as per comment 1. It can be added.
Done for Mageia 6 only, but comment 0
> Mageia 5 and Mageia 6 are also affected
makes this unsure. Unvalidate it quickly if you really do want both.

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 4 David Walser 2018-03-17 22:46:05 CET
Thanks.  Like with most other issues also affecting Mageia 5, I didn't consider the package important enough to push a build for Mageia 5.  I'm trying to mark the ones that really should be fixed on mga5 with MGA5TOO.  I still report in the Comment 0's that Mageia 5 is affected just to document that fact.
Comment 5 Mageia Robot 2018-03-19 13:14:22 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0174.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 6 David Walser 2018-03-31 21:31:11 CEST
Ubuntu has issued an advisory for this on March 22:
https://usn.ubuntu.com/3605-1/

It has CVE-2018-1000097.

Summary: sharutils new heap buffer overflow security issue => sharutils new heap buffer overflow security issue (CVE-2018-1000097)
Severity: normal => major


Note You need to log in before you can comment on or make changes to this bug.