gnu: rpm: Fix CVE-2014-8118.
* gnu/packages/patches/rpm-CVE-2014-8118.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/package-management.scm (rpm): Use it.
This commit is contained in:
parent
41019e9f2a
commit
65da8dd01e
|
@ -716,6 +716,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/ratpoison-shell.patch \
|
%D%/packages/patches/ratpoison-shell.patch \
|
||||||
%D%/packages/patches/readline-link-ncurses.patch \
|
%D%/packages/patches/readline-link-ncurses.patch \
|
||||||
%D%/packages/patches/ripperx-missing-file.patch \
|
%D%/packages/patches/ripperx-missing-file.patch \
|
||||||
|
%D%/packages/patches/rpm-CVE-2014-8118.patch \
|
||||||
%D%/packages/patches/rsem-makefile.patch \
|
%D%/packages/patches/rsem-makefile.patch \
|
||||||
%D%/packages/patches/ruby-symlinkfix.patch \
|
%D%/packages/patches/ruby-symlinkfix.patch \
|
||||||
%D%/packages/patches/rush-CVE-2013-6889.patch \
|
%D%/packages/patches/rush-CVE-2013-6889.patch \
|
||||||
|
|
|
@ -334,7 +334,8 @@ symlinks to the files in a common directory such as /usr/local.")
|
||||||
version ".tar.bz2"))
|
version ".tar.bz2"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp"))))
|
"0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp"))
|
||||||
|
(patches (search-patches "rpm-CVE-2014-8118.patch"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
'(#:configure-flags '("--with-external-db" ;use the system's bdb
|
'(#:configure-flags '("--with-external-db" ;use the system's bdb
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code
|
||||||
|
execution via crafted CPIO header).
|
||||||
|
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
|
||||||
|
|
||||||
|
Source:
|
||||||
|
https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff
|
||||||
|
|
||||||
|
Adopted by Debian:
|
||||||
|
http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch
|
||||||
|
|
||||||
|
diff --git a/lib/cpio.c b/lib/cpio.c
|
||||||
|
index 253ff0f..600633a 100644
|
||||||
|
--- a/lib/cpio.c
|
||||||
|
+++ b/lib/cpio.c
|
||||||
|
@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
|
||||||
|
|
||||||
|
GET_NUM_FIELD(hdr.filesize, fsize);
|
||||||
|
GET_NUM_FIELD(hdr.namesize, nameSize);
|
||||||
|
+ if (nameSize <= 0 || nameSize > 4096) {
|
||||||
|
+ return RPMERR_BAD_HEADER;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
char name[nameSize + 1];
|
||||||
|
read = Fread(name, nameSize, 1, cpio->fd);
|
Loading…
Reference in New Issue