diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2017-06-02 14:56:09 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2017-06-07 12:14:15 +0200 |
commit | 272a7bcc6eb17ee5e7836dadfa95387316fcd5ee (patch) | |
tree | 234b312c836c1e12e5f3e490bcfd91c675aa9282 /patches | |
parent | 7c67c21b2928411aae09d8ddd27550e7625e43a7 (diff) | |
download | ptxdist-272a7bcc6eb17ee5e7836dadfa95387316fcd5ee.tar.gz ptxdist-272a7bcc6eb17ee5e7836dadfa95387316fcd5ee.tar.xz |
bzip2: Fix CVE-2016-3189
Fixes: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6
allows remote attackers to cause a denial of service (crash) via a
crafted bzip2 file, related to block ends set to before the start of the
block.
https://security-tracker.debian.org/tracker/CVE-2016-3189
While at it, regenerate the first patch to apply cleanly.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'patches')
-rw-r--r-- | patches/bzip2-1.0.6/0001-fixup-Makefile.patch | 4 | ||||
-rw-r--r-- | patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch | 23 | ||||
-rw-r--r-- | patches/bzip2-1.0.6/series | 3 |
3 files changed, 27 insertions, 3 deletions
diff --git a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch b/patches/bzip2-1.0.6/0001-fixup-Makefile.patch index 85d4fb4bd..0e2602134 100644 --- a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch +++ b/patches/bzip2-1.0.6/0001-fixup-Makefile.patch @@ -13,7 +13,7 @@ Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de> 1 files changed, 69 insertions(+), 65 deletions(-) diff --git a/Makefile b/Makefile -index eb09753..8b1bf77 100644 +index 9754ddf286b1..8e6a46b63904 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,8 @@ @@ -203,5 +203,5 @@ index eb09753..8b1bf77 100644 - rm -f manual.ps manual.html manual.pdf + #rm -f manual.ps manual.html manual.pdf - DISTNAME=bzip2-1.0.5 + DISTNAME=bzip2-1.0.6 dist: check manual diff --git a/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch b/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch new file mode 100644 index 000000000..d3ba2379a --- /dev/null +++ b/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch @@ -0,0 +1,23 @@ +From: Jakub Martisko <jamartis@redhat.com> +Date: Wed, 30 Mar 2016 10:22:27 +0200 +Subject: [PATCH] bzip2recover: Fix potential use-after-free + +Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189 +Bug-Debian: https://bugs.debian.org/827744 +--- + bzip2recover.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/bzip2recover.c b/bzip2recover.c +index f9de0496abf1..252c1b79853d 100644 +--- a/bzip2recover.c ++++ b/bzip2recover.c +@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv ) + bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); + bsPutUInt32 ( bsWr, blockCRC ); + bsClose ( bsWr ); ++ outFile = NULL; + } + if (wrBlock >= rbCtr) break; + wrBlock++; diff --git a/patches/bzip2-1.0.6/series b/patches/bzip2-1.0.6/series index 78ff34566..faf98db85 100644 --- a/patches/bzip2-1.0.6/series +++ b/patches/bzip2-1.0.6/series @@ -1,4 +1,5 @@ # generated by git-ptx-patches #tag:base --start-number 1 0001-fixup-Makefile.patch -# cf8c416b9e8252c5e89375edfd4523b9 - git-ptx-patches magic +0002-bzip2recover-Fix-potential-use-after-free.patch +# b97444d53b93823526970708b2bbb965 - git-ptx-patches magic |