diff options
author | Armin Kuster <akuster@mvista.com> | 2016-01-30 14:12:44 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-07 17:23:06 +0000 |
commit | 528bdf528d8bfca7746543f61609b9aceb54d53b (patch) | |
tree | aa146bc9815c95cff99ac2c65e2ecff4bcb881be /meta/recipes-devtools/dpkg/dpkg | |
parent | db99f58eea2dfddfd45cceb876f8ecfa7a82b3e8 (diff) | |
download | ast2050-yocto-poky-528bdf528d8bfca7746543f61609b9aceb54d53b.zip ast2050-yocto-poky-528bdf528d8bfca7746543f61609b9aceb54d53b.tar.gz |
dpkg: Security fix CVE-2015-0860
CVE-2015-0860 dpkg: stack overflows and out of bounds read
(From OE-Core rev: 5aaec01acc9e5a19374a566307a425d43c887f4b)
(From OE-Core rev: 4dea3e7b9a0041e7359981e68c561e7de8ad3ae5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/dpkg/dpkg')
-rw-r--r-- | meta/recipes-devtools/dpkg/dpkg/CVE-2015-0860.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-devtools/dpkg/dpkg/CVE-2015-0860.patch b/meta/recipes-devtools/dpkg/dpkg/CVE-2015-0860.patch new file mode 100644 index 0000000..2008d89 --- /dev/null +++ b/meta/recipes-devtools/dpkg/dpkg/CVE-2015-0860.patch @@ -0,0 +1,53 @@ +From f1aac7d933819569bf6f347c3c0d5a64a90bbce0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Hanno=20B=C3=B6ck?= <hanno@hboeck.de> +Date: Thu, 19 Nov 2015 20:03:10 +0100 +Subject: [PATCH] dpkg-deb: Fix off-by-one write access on ctrllenbuf variable + +This affects old format .deb packages. + +Fixes: CVE-2015-0860 +Warned-by: afl +Signed-off-by: Guillem Jover <guillem@debian.org> + +Upstream-Status: Backport + +https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?h=wheezy&id=f1aac7d933819569bf6f347c3c0d5a64a90bbce0 + +CVE: CVE-2015-0860 + +hand merge Changelog + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + debian/changelog | 3 +++ + dpkg-deb/extract.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +Index: dpkg-1.17.21/dpkg-deb/extract.c +=================================================================== +--- dpkg-1.17.21.orig/dpkg-deb/extract.c ++++ dpkg-1.17.21/dpkg-deb/extract.c +@@ -245,7 +245,7 @@ extracthalf(const char *debar, const cha + if (errstr) + ohshit(_("archive has invalid format version: %s"), errstr); + +- r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf)); ++ r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf) - 1); + if (r < 0) + read_fail(r, debar, _("archive control member size")); + if (sscanf(ctrllenbuf, "%jd%c%d", &ctrllennum, &nlc, &dummy) != 2 || +Index: dpkg-1.17.21/ChangeLog +=================================================================== +--- dpkg-1.17.21.orig/ChangeLog ++++ dpkg-1.17.21/ChangeLog +@@ -1,3 +1,9 @@ ++[ Guillem Jover ] ++ * Fix an off-by-one write access in dpkg-deb when parsing the old format ++ .deb control member size. Thanks to Hanno Böck <hanno@hboeck.de>. ++ Fixes CVE-2015-0860. ++ ++ + commit 6fc9e281551e0d851e38249679688bbabbad5c5f + Author: Guillem Jover <guillem@debian.org> + Date: Sat Oct 25 02:24:41 2014 +0200 |