[rpm/f14] - fix CVE-2011-3378
Panu Matilainen
pmatilai at fedoraproject.org
Tue Oct 4 07:43:47 UTC 2011
commit b678823ef39244a4c1b40bc0465934140a103557
Author: Panu Matilainen <pmatilai at redhat.com>
Date: Tue Oct 4 10:43:59 2011 +0300
- fix CVE-2011-3378
rpm-4.8.x-cve-2011-3378.patch | 23 +++++++++++++++++++++++
rpm.spec | 7 ++++++-
2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/rpm-4.8.x-cve-2011-3378.patch b/rpm-4.8.x-cve-2011-3378.patch
new file mode 100644
index 0000000..1caf8e3
--- /dev/null
+++ b/rpm-4.8.x-cve-2011-3378.patch
@@ -0,0 +1,23 @@
+diff --git a/lib/header.c b/lib/header.c
+index 2d68854..536aa89 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -358,6 +358,9 @@ static int regionSwab(indexEntry entry, int il, int dl,
+ const unsigned char * dataEnd,
+ int regionid)
+ {
++ if ((entry != NULL && regionid >= 0) || (entry == NULL && regionid != 0))
++ return -1;
++
+ for (; il > 0; il--, pe++) {
+ struct indexEntry_s ie;
+ rpmTagType type;
+@@ -822,7 +825,7 @@ Header headerLoad(void * uh)
+
+ { int off = ntohl(pe->offset);
+
+- if (hdrchkData(off))
++ if (hdrchkData(off) || hdrchkRange(dl, off))
+ goto errxit;
+ if (off) {
+ size_t nb = REGION_TAG_COUNT;
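Review bot: The added `hdrchkRange(dl, off)` in headerLoad appears to bound only the start of the region trailer, not its end. The hunk stops at `size_t nb = REGION_TAG_COUNT;`, so what happens with `nb` is inferred, but if `nb` bytes are then read at `off`, an offset inside the last `nb` bytes of the data area would still pass; consider `if (hdrchkRange(dl, off + REGION_TAG_COUNT)) goto errxit;` as the first statement inside `if (off)`. The new guard at the top of regionSwab also encodes a calling convention that is not documented in the hunk, so a comment such as `/* sanity: regionid must be negative when entry is non-NULL and 0 when entry is NULL */` would help. Both function bodies continue outside the hunk, so it is worth confirming that every caller of regionSwab treats the new -1 return as a failure.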
diff --git a/rpm.spec b/rpm.spec
index 1784c5a..27051a8 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -21,7 +21,7 @@
Summary: The RPM package management system
Name: rpm
Version: %{rpmver}
-Release: 6%{?dist}
+Release: 7%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
Source0: http://rpm.org/releases/rpm-4.8.x/%{name}-%{srcver}.tar.bz2
@@ -47,6 +47,7 @@ Patch202: rpm-4.8.0-findlang-localedirs.patch
Patch203: rpm-4.8.1-eat-stdin.patch
Patch204: rpm-4.8.1-getoutput-emsg.patch
Patch205: rpm-4.8.1-find-debuginfo-gdb-index.patch
+Patch206: rpm-4.8.x-cve-2011-3378.patch
# These are not yet upstream
Patch301: rpm-4.6.0-niagara.patch
@@ -202,6 +203,7 @@ packages on a system.
%patch203 -p1 -b .eat-stdin
%patch204 -p1 -b .getoutput-emsg
%patch205 -p1 -b .find-debuginfo-gdb-index
+%patch206 -p1 -b .cve-2011-3378
%patch301 -p1 -b .niagara
%patch302 -p1 -b .geode
@@ -419,6 +421,9 @@ exit 0
%doc COPYING doc/librpm/html/*
%changelog
+* Tue Oct 04 2011 Panu Matilainen <pmatilai at redhat.com> - 4.8.1-7
+- fix CVE-2011-3378
+
* Fri May 27 2011 Paul Whalen <paul.whalen at senecac.on.ca> - 4.8.1-6
- Added meego patch for ARM macros