mailarchive of the ptxdist mailing list
From: Sascha Hauer <s.hauer@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH 4/4] bzip2: Fix CVE-2016-3189
Date: Fri,  2 Jun 2017 14:56:09 +0200
Message-ID: <20170602125609.18421-5-s.hauer@pengutronix.de>
In-Reply-To: <20170602125609.18421-1-s.hauer@pengutronix.de>

Fixes: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6
allows remote attackers to cause a denial of service (crash) via a
crafted bzip2 file, related to block ends set to before the start of the
block.

https://security-tracker.debian.org/tracker/CVE-2016-3189

While at it, regenerate the first patch to apply cleanly.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 patches/bzip2-1.0.6/0001-fixup-Makefile.patch      |  4 ++--
 ...bzip2recover-Fix-potential-use-after-free.patch | 23 ++++++++++++++++++++++
 patches/bzip2-1.0.6/series                         |  3 ++-
 3 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch

diff --git a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch b/patches/bzip2-1.0.6/0001-fixup-Makefile.patch
index 85d4fb4bd..0e2602134 100644
--- a/patches/bzip2-1.0.6/0001-fixup-Makefile.patch
+++ b/patches/bzip2-1.0.6/0001-fixup-Makefile.patch
@@ -13,7 +13,7 @@ Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
  1 files changed, 69 insertions(+), 65 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index eb09753..8b1bf77 100644
+index 9754ddf286b1..8e6a46b63904 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -12,6 +12,8 @@
@@ -203,5 +203,5 @@ index eb09753..8b1bf77 100644
 -	rm -f manual.ps manual.html manual.pdf
 +	#rm -f manual.ps manual.html manual.pdf
  
- DISTNAME=bzip2-1.0.5
+ DISTNAME=bzip2-1.0.6
  dist: check manual
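
Review bot: The commit message's "regenerate the first patch to apply cleanly" does not say what failed to apply. In this file the only visible changes are the `index` line and, in the hunk at line 203, the context line `DISTNAME=bzip2-1.0.5` becoming `DISTNAME=bzip2-1.0.6`, which suggests the old patch had been generated against a 1.0.5 tree. Consider stating that in the commit message, or putting the regeneration in its own commit so the CVE-2016-3189 fix can be reviewed and backported on its own.
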
diff --git a/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch b/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch
new file mode 100644
index 000000000..d3ba2379a
--- /dev/null
+++ b/patches/bzip2-1.0.6/0002-bzip2recover-Fix-potential-use-after-free.patch
@@ -0,0 +1,23 @@
+From: Jakub Martisko <jamartis@redhat.com>
+Date: Wed, 30 Mar 2016 10:22:27 +0200
+Subject: [PATCH] bzip2recover: Fix potential use-after-free
+
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
+Bug-Debian: https://bugs.debian.org/827744
+---
+ bzip2recover.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/bzip2recover.c b/bzip2recover.c
+index f9de0496abf1..252c1b79853d 100644
+--- a/bzip2recover.c
++++ b/bzip2recover.c
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
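
Review bot: The embedded patch header has no description body, so nothing in 0002 explains why `outFile = NULL;` after `bsClose ( bsWr );` closes the use-after-free; the check on `outFile` that this assignment feeds is outside the three context lines shown. Please add a short explanation and the CVE id to the patch header so the reasoning stays with the file once it is detached from this mail. Also note that only `outFile` is reset: if `bsClose` releases `bsWr`, as the use-after-free description implies, `bsWr` is left stale, so the fix depends on every later use of `bsWr` being guarded by `outFile`; worth confirming against the full `main` loop, or resetting `bsWr` as well.
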
diff --git a/patches/bzip2-1.0.6/series b/patches/bzip2-1.0.6/series
index 78ff34566..faf98db85 100644
--- a/patches/bzip2-1.0.6/series
+++ b/patches/bzip2-1.0.6/series
@@ -1,4 +1,5 @@
 # generated by git-ptx-patches
 #tag:base --start-number 1
 0001-fixup-Makefile.patch
-# cf8c416b9e8252c5e89375edfd4523b9  - git-ptx-patches magic
+0002-bzip2recover-Fix-potential-use-after-free.patch
+# b97444d53b93823526970708b2bbb965  - git-ptx-patches magic
-- 
2.11.0

