From: Sascha Hauer <s.hauer@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH 4/4] bzip2: Fix CVE-2016-3189
Date: Fri, 2 Jun 2017 14:56:09 +0200 [thread overview]
Message-ID: <20170602125609.18421-5-s.hauer@pengutronix.de> (raw)
In-Reply-To: <20170602125609.18421-1-s.hauer@pengutronix.de>
Fixes: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6
allows remote attackers to cause a denial of service (crash) via a
crafted bzip2 file, related to block ends set to before the start of the
block.
https://security-tracker.debian.org/tracker/CVE-2016-3189
While at it, regenerate the first patch to apply cleanly.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
patches/bzip2-1.0.6/0001-fixup-Makefile.patch | 4 ++--
...bzip2recover-Fix-potential-use-after-free.patch | 23 ++++++++++++++++++++++
patches/bzip2-1.0.6/series | 3 ++-
3 files changed, 27 insertions(+), 3 deletions(-)
create mode 100644 patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch
diff --git a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch b/patches/bzip2-1.0.6/0001-fixup-Makefile.patch
index 85d4fb4bd..0e2602134 100644
--- a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch
+++ b/patches/bzip2-1.0.6/0001-fixup-Makefile.patch
@@ -13,7 +13,7 @@ Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
1 files changed, 69 insertions(+), 65 deletions(-)
diff --git a/Makefile b/Makefile
-index eb09753..8b1bf77 100644
+index 9754ddf286b1..8e6a46b63904 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,8 @@
@@ -203,5 +203,5 @@ index eb09753..8b1bf77 100644
- rm -f manual.ps manual.html manual.pdf
+ #rm -f manual.ps manual.html manual.pdf
- DISTNAME=bzip2-1.0.5
+ DISTNAME=bzip2-1.0.6
dist: check manual
diff --git a/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch b/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch
new file mode 100644
index 000000000..d3ba2379a
--- /dev/null
+++ b/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch
@@ -0,0 +1,23 @@
+From: Jakub Martisko <jamartis@redhat.com>
+Date: Wed, 30 Mar 2016 10:22:27 +0200
+Subject: [PATCH] bzip2recover: Fix potential use-after-free
+
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
+Bug-Debian: https://bugs.debian.org/827744
+---
+ bzip2recover.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/bzip2recover.c b/bzip2recover.c
+index f9de0496abf1..252c1b79853d 100644
+--- a/bzip2recover.c
++++ b/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;
diff --git a/patches/bzip2-1.0.6/series b/patches/bzip2-1.0.6/series
index 78ff34566..faf98db85 100644
--- a/patches/bzip2-1.0.6/series
+++ b/patches/bzip2-1.0.6/series
@@ -1,4 +1,5 @@
# generated by git-ptx-patches
#tag:base --start-number 1
0001-fixup-Makefile.patch
-# cf8c416b9e8252c5e89375edfd4523b9 - git-ptx-patches magic
+0002-bzip2recover-Fix-potential-use-after-free.patch
+# b97444d53b93823526970708b2bbb965 - git-ptx-patches magic
--
2.11.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
prev parent reply other threads:[~2017-06-02 12:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-02 12:56 [ptxdist] version bumps for some packages Sascha Hauer
2017-06-02 12:56 ` [ptxdist] [PATCH 1/4] dnsmasq: Version bump to 2.76 Sascha Hauer
2017-06-02 12:56 ` [ptxdist] [PATCH 2/4] ppp: version bump to 2.4.7 Sascha Hauer
2017-06-15 7:38 ` Ladislav Michl
2017-06-02 12:56 ` [ptxdist] [PATCH 3/4] sqlite: version bump to 3.19.2 Sascha Hauer
2017-06-02 12:56 ` Sascha Hauer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170602125609.18421-5-s.hauer@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox