[arch-commits] Commit in elfutils/trunk (CVE-2014-9447.patch PKGBUILD)
Laurent Carlier
lcarlier at archlinux.org
Mon Mar 2 21:00:31 UTC 2015
Date: Monday, March 2, 2015 @ 22:00:31
Author: lcarlier
Revision: 232426
upgpkg: elfutils 0.161-3
fix FS#44019 - CVE-2014-9447
Added:
elfutils/trunk/CVE-2014-9447.patch
Modified:
elfutils/trunk/PKGBUILD
---------------------+
CVE-2014-9447.patch | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 10 ++++++---
2 files changed, 60 insertions(+), 3 deletions(-)
Added: CVE-2014-9447.patch
===================================================================
--- CVE-2014-9447.patch (rev 0)
+++ CVE-2014-9447.patch 2015-03-02 21:00:31 UTC (rev 232426)
@@ -0,0 +1,53 @@
+From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001
+From: Alexander Cherepanov <cherepan at mccme.ru>
+Date: Sun, 28 Dec 2014 19:57:19 +0300
+Subject: libelf: Fix dir traversal vuln in ar extraction.
+
+read_long_names terminates names at the first '/' found but then skips
+one character without checking (it's supposed to be '\n'). Hence the
+next name could start with any character including '/'. This leads to
+a directory traversal vulnerability at the time the contents of the
+archive is extracted.
+
+The danger is mitigated by the fact that only one '/' is possible in a
+resulting filename and only in the leading position. Hence only files
+in the root directory can be written via this vuln and only when ar is
+executed as root.
+
+The fix for the vuln is to not skip any characters while looking
+for '/'.
+
+Signed-off-by: Alexander Cherepanov <cherepan at mccme.ru>
+
+diff --git a/libelf/ChangeLog b/libelf/ChangeLog
+index 3b88d03..447c354 100644
+--- a/libelf/ChangeLog
++++ b/libelf/ChangeLog
+@@ -1,3 +1,8 @@
++2014-12-28 Alexander Cherepanov <cherepan at mccme.ru>
++
++ * elf_begin.c (read_long_names): Don't miss '/' right after
++ another '/'. Fixes a dir traversal vuln in ar extraction.
++
+ 2014-12-18 Ulrich Drepper <drepper at gmail.com>
+
+ * Makefile.am: Suppress output of textrel_check command.
+diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
+index 30abe0b..cd3756c 100644
+--- a/libelf/elf_begin.c
++++ b/libelf/elf_begin.c
+@@ -749,10 +749,7 @@ read_long_names (Elf *elf)
+ }
+
+ /* NUL-terminate the string. */
+- *runp = '\0';
+-
+- /* Skip the NUL byte and the \012. */
+- runp += 2;
++ *runp++ = '\0';
+
+ /* A sanity check. Somebody might have generated invalid
+ archive. */
+--
+cgit v0.10.2
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-03-02 20:12:30 UTC (rev 232425)
+++ PKGBUILD 2015-03-02 21:00:31 UTC (rev 232426)
@@ -4,7 +4,7 @@
pkgname=elfutils
pkgver=0.161
-pkgrel=2
+pkgrel=3
pkgdesc="Libraries and utilities to handle ELF object files and DWARF debugging information"
arch=('i686' 'x86_64')
url="https://fedorahosted.org/elfutils/"
@@ -11,11 +11,13 @@
license=('LGPL3' 'GPL' 'GPL3')
depends=('gcc-libs' 'zlib' 'bzip2' 'xz')
source=(https://fedorahosted.org/releases/e/l/elfutils/${pkgver}/elfutils-${pkgver}.tar.bz2{,.sig}
- 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch)
+ 0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
+ CVE-2014-9447.patch)
options=('staticlibs')
sha1sums=('85d48e18359c51e843c49b1894b2f54b85e88ae2'
'SKIP'
- '86947fb8d0f51a65e19142350925f428ad0c7cb1')
+ '86947fb8d0f51a65e19142350925f428ad0c7cb1'
+ 'd3e0e8275695fcc6347b8730bd1eb141a022f756')
validpgpkeys=('47CC0331081B8BC6D0FD4DA08370665B57816A6A') # Mark J. Wielaard <mark at klomp.org>
prepare() {
@@ -23,6 +25,8 @@
# https://lists.fedorahosted.org/pipermail/elfutils-devel/2015-January/004541.html
patch -p1 < "$srcdir"/0001-tests-Make-deleted-and-vdsosyms-testcases-work-with-.patch
+ # fix CVE-2014-9447 merged upstream
+ patch -p1 < "$srcdir"/CVE-2014-9447.patch
}
build() {
More information about the arch-commits
mailing list