From: Yogita Urade <yogita.ur...@windriver.com> libarchive Remote Code Execution Vulnerability
References: https://nvd.nist.gov/vuln/detail/CVE-2024-26256 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-26256 Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../libarchive/CVE-2024-26256.patch | 29 +++++++++++++++++++ .../libarchive/libarchive_3.6.2.bb | 5 ++-- 2 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-26256.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2024-26256.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2024-26256.patch new file mode 100644 index 0000000000..717a31f0e1 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2024-26256.patch @@ -0,0 +1,29 @@ +From eb7939b24a681a04648a59cdebd386b1e9dc9237 Mon Sep 17 00:00:00 2001 +From: Wei-Cheng Pan <legnale...@gmail.com> +Date: Tue, 14 May 2024 08:50:44 +0000 +Subject: [PATCH] fix: OOB in rar e8 filter (#2135) This patch fixes an + out-of-bound error in rar e8 filter. + +CVE: CVE-2024-26256 +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237] + +Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> +--- + libarchive/archive_read_support_format_rar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index 793e8e9..b8397d0 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -3624,7 +3624,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz + uint32_t filesize = 0x1000000; + uint32_t i; + +- if (length > PROGRAM_WORK_SIZE || length < 4) ++ if (length > PROGRAM_WORK_SIZE || length <= 4) + return 0; + + for (i = 0; i <= length - 5; i++) +-- +2.40.0 diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index 7d328a0060..c83eec9b1a 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -29,8 +29,9 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd," EXTRA_OECONF += "--enable-largefile --without-iconv" SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ - file://0001-pax-writer-fix-multiple-security-vulnerabilities.patch \ -" + file://0001-pax-writer-fix-multiple-security-vulnerabilities.patch \ + file://CVE-2024-26256.patch \ + " UPSTREAM_CHECK_URI = "http://libarchive.org/"; SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f19b9b3" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#199843): https://lists.openembedded.org/g/openembedded-core/message/199843 Mute This Topic: https://lists.openembedded.org/mt/106280216/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
