Sanan,
On 09/21/2018 07:16 PM, Sinan Kaya wrote: > * CVE-2017-15874 > busybox: Integer underflow in archival/libarchive/decompress_unlzma.c > > (cherry picked from 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b) > > Affects busybox <= 1.27.2 this series in sumo-nmut thanks, Armin > CVE: CVE-2017-15874 > Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15874 > Signed-off-by: Sinan Kaya <ok...@kernel.org> > --- > .../busybox/busybox/CVE-2017-15874.patch | 30 +++++++++++++++++++ > meta/recipes-core/busybox/busybox_1.27.2.bb | 1 + > 2 files changed, 31 insertions(+) > create mode 100644 meta/recipes-core/busybox/busybox/CVE-2017-15874.patch > > diff --git a/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch > b/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch > new file mode 100644 > index 0000000000..67b4ed7e11 > --- /dev/null > +++ b/meta/recipes-core/busybox/busybox/CVE-2017-15874.patch > @@ -0,0 +1,30 @@ > +From e75c01bb3249df16201b482b79bb24bec3b58188 Mon Sep 17 00:00:00 2001 > +From: Denys Vlasenko <vda.li...@googlemail.com> > +Date: Fri, 27 Oct 2017 15:37:03 +0200 > +Subject: [PATCH] unlzma: fix SEGV, closes 10436 > + > +Upstream-Status: Backport [ > https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b] > +Signed-off-by: Denys Vlasenko <vda.li...@googlemail.com> > +Signed-off-by: Sinan Kaya <ok...@kernel.org> > +--- > + archival/libarchive/decompress_unlzma.c | 4 ++++ > + 1 file changed, 4 insertions(+) > + > +diff --git a/archival/libarchive/decompress_unlzma.c > b/archival/libarchive/decompress_unlzma.c > +index 29eee2a..41e492f 100644 > +--- a/archival/libarchive/decompress_unlzma.c > ++++ b/archival/libarchive/decompress_unlzma.c > +@@ -353,6 +353,10 @@ unpack_lzma_stream(transformer_state_t *xstate) > + pos = buffer_pos - rep0; > + if ((int32_t)pos < 0) { > + pos += header.dict_size; > ++ /* bug 10436 has an > example file where this triggers: */ > ++ if ((int32_t)pos < 0) > ++ goto bad; > ++ > + /* see > unzip_bad_lzma_2.zip: */ > + if (pos >= buffer_size) > + goto bad; > +-- > +2.19.0 > + > diff --git a/meta/recipes-core/busybox/busybox_1.27.2.bb > b/meta/recipes-core/busybox/busybox_1.27.2.bb > index 1ce4823d47..bab29728ee 100644 > --- a/meta/recipes-core/busybox/busybox_1.27.2.bb > +++ b/meta/recipes-core/busybox/busybox_1.27.2.bb > @@ -47,6 +47,7 @@ SRC_URI = > "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ > file://busybox-CVE-2017-16544.patch \ > file://busybox-fix-lzma-segfaults.patch \ > file://umount-ignore-c.patch \ > + file://CVE-2017-15874.patch \ > " > SRC_URI_append_libc-musl = " file://musl.cfg " > -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
