Your message dated Fri, 06 Mar 2015 19:17:05 +0000
with message-id <[email protected]>
and subject line Bug#775003: fixed in unace 1.2b-10+deb7u1
has caused the Debian Bug report #775003,
regarding unace: CVE-2015-2063: buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
775003: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775003
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unace
Version: 1.2b-11
Usertags: afl

unace crashes when trying to test integrity of the attached file:

$ unace t crash
UNACE v1.2    public version
Segmentation fault


gdb says it's an integer overflow, followed by buffer overflow:

(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116
#1  0x0000000000401558 in read_header (print_err=0) at unace.c:171
#2  0x00000000004017b7 in read_arc_head () at unace.c:222
#3  0x0000000000401943 in open_archive (print_err=1) at unace.c:254
#4  0x000000000040258f in main (argc=3, argv=0x7fffffffe6d8) at unace.c:604
(gdb) up
#1  0x0000000000401558 in read_header (print_err=0) at unace.c:171
171              memcpy(mhead.AV, tp, rd-(USHORT)(tp-readbuf));
(gdb) print rd-(USHORT)(tp-readbuf)
$1 = -27


This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl

-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages unace depends on:
ii  libc6  2.19-13

--
Jakub Wilk

Attachment: crash.ACE
Description: Binary data


--- End Message ---
--- Begin Message ---
Source: unace
Source-Version: 1.2b-10+deb7u1

We believe that the bug you reported is fixed in the latest version of
unace, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated unace package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Feb 2015 17:41:44 +0100
Source: unace
Binary: unace
Architecture: source amd64
Version: 1.2b-10+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Guillem Jover <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description: 
 unace      - extract, test and view .ace archives
Closes: 775003
Changes: 
 unace (1.2b-10+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add 006_security-afl.patch patch.
     CVE-2015-2063: Buffer overflow when reading bogus file headers
     The header parser was not checking if it had read the needed data when
     parsing the header from memory. (Closes: #775003)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
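
An added illustration, not part of either message above and not unace's source or the Debian patch: the "bytes read minus bytes already parsed" length that gdb shows evaluating to -27, and the kind of check the changelog says the header parser lacked. The function names and the sample values (10 bytes read, 37 consumed) are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical names; illustrates the bug class, not unace's source or patch. */

/* Length as the unchecked pattern computes it: bytes read minus bytes already
 * parsed, in signed int, then converted to size_t at the memcpy() call. */
size_t unchecked_len(int bytes_read, unsigned short consumed)
{
    return (size_t)(bytes_read - consumed);  /* negative int wraps to a huge size_t */
}

/* Checked copy of the trailing variable-length header field.
 * Returns bytes copied, or -1 if the header is short or the field does not fit. */
int copy_trailing_field(unsigned char *dst, size_t dst_cap,
                        const unsigned char *buf, int bytes_read,
                        unsigned short consumed)
{
    if (bytes_read < 0 || consumed > bytes_read)
        return -1;                           /* fewer bytes read than already parsed */
    size_t n = (size_t)(bytes_read - consumed);
    if (n > dst_cap)
        return -1;                           /* field larger than the destination */
    memcpy(dst, buf + consumed, n);
    return (int)n;
}

int main(void)
{
    /* Constructed sample: 10 bytes read, but the fixed fields claim 37. */
    unsigned char buf[64] = {0}, dst[16];
    printf("unchecked length: %zu\n", unchecked_len(10, 37));
    printf("checked copy:     %d\n",
           copy_trailing_field(dst, sizeof dst, buf, 10, 37));
    /* Constructed well-formed case: 12 bytes read, 8 consumed, 4-byte field. */
    memcpy(buf + 8, "ABCD", 4);
    printf("checked copy:     %d\n",
           copy_trailing_field(dst, sizeof dst, buf, 12, 8));
    return 0;
}
```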
