Date: Mon, 9 May 2011 15:57:26 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: libarchive, multiple overflows

----- Original Message -----
> Hello,
> our maintainer found the following patches:
> -----------
> I was doing some maintenance on bsdtar package and noticed that there
> was a buffer overflow fix upstream, see
> http://code.google.com/p/libarchive/source/detail?r=3158&path=/trunk/libarchive/archive_read_support_format_iso9660.c

Use CVE-2011-1777

> 
> Also SUSE package does not include the
> http://pkgs.fedoraproject.org/gitweb/?p=libarchive.git;a=blob_plain;f=libarchive-2.8.4-iso9660-data-types.patch;hb=HEAD
> patch which seems to be security sensitive also.

I'm not sure I'd call this one security. It's a crash only from what I can
see:

https://code.google.com/p/libarchive/source/detail?r=1984&path=/trunk/libarchive/archive_read_support_format_iso9660.c

It's just silly input to a format string. If you want one I'll assign it
though.

> More overflow fixes:
> 
> http://code.google.com/p/libarchive/source/detail?r=2842

This one needs a 2010 ID.
Use CVE-2010-4666

> http://code.google.com/p/libarchive/source/detail?r=3160

Use CVE-2011-1778

> 
> Use-after-free fix (not sure if exploitable):
> 
> http://code.google.com/p/libarchive/source/detail?r=3038

I'm going to give this an ID, I'd rather have it revoked than not assigned.

Use CVE-2011-1779

Thanks.

-- 
    JB
