[rpm/f14] - fix CVE-2011-3378

Panu Matilainen pmatilai at fedoraproject.org
Tue Oct 4 07:43:47 UTC 2011


commit b678823ef39244a4c1b40bc0465934140a103557
Author: Panu Matilainen <pmatilai at redhat.com>
Date:   Tue Oct 4 10:43:59 2011 +0300

    - fix CVE-2011-3378

 rpm-4.8.x-cve-2011-3378.patch |   23 +++++++++++++++++++++++
 rpm.spec                      |    7 ++++++-
 2 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/rpm-4.8.x-cve-2011-3378.patch b/rpm-4.8.x-cve-2011-3378.patch
new file mode 100644
index 0000000..1caf8e3
--- /dev/null
+++ b/rpm-4.8.x-cve-2011-3378.patch
@@ -0,0 +1,23 @@
+diff --git a/lib/header.c b/lib/header.c
+index 2d68854..536aa89 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -358,6 +358,9 @@ static int regionSwab(indexEntry entry, int il, int dl,
+ 		const unsigned char * dataEnd,
+ 		int regionid)
+ {
++    if ((entry != NULL && regionid >= 0) || (entry == NULL && regionid != 0))
++	return -1;
++
+     for (; il > 0; il--, pe++) {
+ 	struct indexEntry_s ie;
+ 	rpmTagType type;
+@@ -822,7 +825,7 @@ Header headerLoad(void * uh)
+ 
+ 	{   int off = ntohl(pe->offset);
+ 
+-	    if (hdrchkData(off))
++	    if (hdrchkData(off) || hdrchkRange(dl, off))
+ 		goto errxit;
+ 	    if (off) {
+ 		size_t nb = REGION_TAG_COUNT;
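Review bot: The added `hdrchkRange(dl, off)` in headerLoad bounds only the start of the region trailer, not its end; the next visible line sets `nb = REGION_TAG_COUNT`, which suggests that nb bytes are then read from the data area at `off` (that code lies past the end of the hunk, so this is inferred). If so, an offset within the last REGION_TAG_COUNT bytes of the data area still passes, and the guard should cover the whole trailer, e.g. `if (hdrchkData(off) || hdrchkRange(dl, off) || hdrchkRange(dl, off + REGION_TAG_COUNT))`, after confirming how the hdrchk macros treat the operand types. The new guard at the top of regionSwab would also benefit from a one-line comment stating the invariant it enforces, such as `/* callers pass either an entry with a negative regionid, or no entry with regionid 0 */`. Both function bodies continue outside the hunks shown.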
diff --git a/rpm.spec b/rpm.spec
index 1784c5a..27051a8 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -21,7 +21,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: 6%{?dist}
+Release: 7%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/rpm-4.8.x/%{name}-%{srcver}.tar.bz2
@@ -47,6 +47,7 @@ Patch202: rpm-4.8.0-findlang-localedirs.patch
 Patch203: rpm-4.8.1-eat-stdin.patch
 Patch204: rpm-4.8.1-getoutput-emsg.patch
 Patch205: rpm-4.8.1-find-debuginfo-gdb-index.patch
+Patch206: rpm-4.8.x-cve-2011-3378.patch
 
 # These are not yet upstream
 Patch301: rpm-4.6.0-niagara.patch
@@ -202,6 +203,7 @@ packages on a system.
 %patch203 -p1 -b .eat-stdin
 %patch204 -p1 -b .getoutput-emsg
 %patch205 -p1 -b .find-debuginfo-gdb-index
+%patch206 -p1 -b .cve-2011-3378
 
 %patch301 -p1 -b .niagara
 %patch302 -p1 -b .geode
@@ -419,6 +421,9 @@ exit 0
 %doc COPYING doc/librpm/html/*
 
 %changelog
+* Tue Oct 04 2011 Panu Matilainen <pmatilai at redhat.com> - 4.8.1-7
+- fix CVE-2011-3378
+
 * Fri May 27 2011 Paul Whalen <paul.whalen at senecac.on.ca> - 4.8.1-6
 - Added meego patch for ARM macros
 

