gnu: rpm: Fix CVE-2014-8118.

* gnu/packages/patches/rpm-CVE-2014-8118.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/package-management.scm (rpm): Use it.
This commit is contained in:
Leo Famulari 2016-05-29 13:57:56 -04:00
parent 41019e9f2a
commit 65da8dd01e
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 28 additions and 1 deletions

View File

@ -716,6 +716,7 @@ dist_patch_DATA = \
%D%/packages/patches/ratpoison-shell.patch \ %D%/packages/patches/ratpoison-shell.patch \
%D%/packages/patches/readline-link-ncurses.patch \ %D%/packages/patches/readline-link-ncurses.patch \
%D%/packages/patches/ripperx-missing-file.patch \ %D%/packages/patches/ripperx-missing-file.patch \
%D%/packages/patches/rpm-CVE-2014-8118.patch \
%D%/packages/patches/rsem-makefile.patch \ %D%/packages/patches/rsem-makefile.patch \
%D%/packages/patches/ruby-symlinkfix.patch \ %D%/packages/patches/ruby-symlinkfix.patch \
%D%/packages/patches/rush-CVE-2013-6889.patch \ %D%/packages/patches/rush-CVE-2013-6889.patch \

View File

@ -334,7 +334,8 @@ symlinks to the files in a common directory such as /usr/local.")
version ".tar.bz2")) version ".tar.bz2"))
(sha256 (sha256
(base32 (base32
"0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp")))) "0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp"))
(patches (search-patches "rpm-CVE-2014-8118.patch"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
'(#:configure-flags '("--with-external-db" ;use the system's bdb '(#:configure-flags '("--with-external-db" ;use the system's bdb

View File

@ -0,0 +1,25 @@
Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code
execution via crafted CPIO header).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
Source:
https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff
Adopted by Debian:
http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch
diff --git a/lib/cpio.c b/lib/cpio.c
index 253ff0f..600633a 100644
--- a/lib/cpio.c
+++ b/lib/cpio.c
@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
GET_NUM_FIELD(hdr.filesize, fsize);
GET_NUM_FIELD(hdr.namesize, nameSize);
+ if (nameSize <= 0 || nameSize > 4096) {
+ return RPMERR_BAD_HEADER;
+ }
char name[nameSize + 1];
read = Fread(name, nameSize, 1, cpio->fd);