Fedora has issued an advisory on March 30: http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html Mageia 2 is also probably affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA2TOO
Patched packages uploaded for Mageia 2 and Cauldron. Patch checked into Mageia 1 SVN. Advisory: ======================== Updated libarchive packages fix security vulnerability: Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives (CVE-2013-0211). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html ======================== Updated packages in core/updates_testing: ======================== libarchive12-3.0.3-1.1.mga2 libarchive-devel-3.0.3-1.1.mga2 bsdtar-3.0.3-1.1.mga2 bsdcpio-3.0.3-1.1.mga2 from libarchive-3.0.3-1.1.mga2.src.rpm
Version: Cauldron => 2Assignee: bugsquad => qa-bugsWhiteboard: MGA2TOO => (none)
Testing complete mga2 32 Testing libarchive12 with ark, opening several formats including iso which failed with a previous update. Testing bsdtar and bsdcpio separately $ ls *.jpg | bsdcpio -ov > somefiles.cpio 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg 5422 blocks $ bsdcpio -it < somefiles.cpio 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg 5422 blocks $ cd tmp $ cpio -iv < ~/somefiles.cpio 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg 5422 blocks $ ls 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg $ bsdtar cJf tarfile.tar.xz *.jpg $ ls 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg tarfile.tar.xz $ file tarfile.tar.xz tarfile.tar.xz: XZ compressed data $ rm -f *.jpg $ bsdtar xJf tarfile.tar.xz $ ls 22.jpg 6270015-610-407.jpg 7870.jpg test.jpg tarfile.tar.xz
Whiteboard: (none) => has_procedure mga2-32-ok
Testing complete on Mageia 2 x86-64. Could someone from the sysadmin team push the srpm libarchive-3.0.3-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated libarchive packages fix security vulnerability: Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives (CVE-2013-0211). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html https://bugs.mageia.org/show_bug.cgi?id=9671
Keywords: (none) => validated_updateWhiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok MGA2-64-OKCC: (none) => davidwhodgins, sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0119
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED