Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libyang for openSUSE:Factory checked in at 2026-05-28 17:28:33

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libyang (Old)
 and      /work/SRC/openSUSE:Factory/.libyang.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libyang" Thu May 28 17:28:33 2026 rev:22 rq:1355544 version:3.13.6 Changes: -------- --- /work/SRC/openSUSE:Factory/libyang/libyang.changes 2026-05-27 16:21:31.496113080 +0200 +++ /work/SRC/openSUSE:Factory/.libyang.new.1937/libyang.changes 2026-05-28 17:29:24.789863395 +0200 @@ -1,0 +2,7 @@ +Wed May 27 15:08:31 UTC 2026 - Petr Gajdos <[email protected]> + +- added patches + CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when parsing a maliciously crafted LYB binary blob [bsc#1265330] + * libyang-CVE-2026-44673.patch + +------------------------------------------------------------------- New: ---- libyang-CVE-2026-44673.patch ----------(New B)---------- New: CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when parsing a maliciously crafted LYB binary blob [bsc#1265330] * libyang-CVE-2026-44673.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libyang.spec ++++++ --- /var/tmp/diff_new_pack.tBijaj/_old 2026-05-28 17:29:25.493892538 +0200 +++ /var/tmp/diff_new_pack.tBijaj/_new 2026-05-28 17:29:25.493892538 +0200 @@ -29,6 +29,8 @@ Source0: https://github.com/CESNET/libyang/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz # CVE-2026-41401: use-after-free in `lyd_parser_set_data_flags` when processing crafted YANG XML documents with specific metadata attributes [bsc#1266316] Patch0: libyang-CVE-2026-41401.patch +# CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when parsing a maliciously crafted LYB binary blob [bsc#1265330] +Patch1: libyang-CVE-2026-44673.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: fdupes ++++++ libyang-CVE-2026-44673.patch ++++++ >From 73da1db8fc14802e4f8fc64d022011a6f9d514db Mon Sep 17 00:00:00 2001 
From: Michal Vasko <[email protected]> Date: Tue, 7 Apr 2026 12:41:29 +0200 Subject: [PATCH] parser lyb BUGFIX avoid uint overflow --- src/parser_lyb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: libyang-3.13.6/src/parser_lyb.c =================================================================== --- libyang-3.13.6.orig/src/parser_lyb.c +++ libyang-3.13.6/src/parser_lyb.c @@ -216,7 +216,7 @@ lyb_read_string(char **str, uint8_t len_ lyb_read_number(&len, sizeof len, len_size, lybctx); - *str = malloc((len + 1) * sizeof **str); + *str = malloc(((uint64_t)len + 1) * sizeof **str); LY_CHECK_ERR_RET(!*str, LOGMEM(lybctx->ctx), LY_EMEM); lyb_read((uint8_t *)*str, len, lybctx);
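Review bot: the `Patch1: libyang-CVE-2026-44673.patch` line in the libyang.spec hunk only declares the patch; the %prep section that applies it is outside the hunk. Confirm the patch is applied there in the same way as Patch0 (it needs a strip level of 1, since its headers are `--- libyang-3.13.6.orig/src/parser_lyb.c` / `+++ libyang-3.13.6/src/parser_lyb.c`), otherwise the package builds and ships the unfixed `lyb_read_string()` while the changelog claims the CVE is addressed.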
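Review bot: the cast in `*str = malloc(((uint64_t)len + 1) * sizeof **str);` removes the wrap only where size_t is 64 bits wide; on an ILP32 target the uint64_t value 0x100000000 is narrowed back to size_t at the call, so len == 0xFFFFFFFF still yields malloc(0) (this assumes len is a 32-bit unsigned, as the subject "avoid uint overflow" implies; its declaration is outside the hunk). The following `lyb_read((uint8_t *)*str, len, lybctx);` then still writes len bytes into that allocation, and even on 64-bit builds the fix relies on malloc refusing a 4 GiB request rather than on the input being sane. Suggest rejecting the length before allocating, by comparing len with the input remaining in lybctx (or at minimum refusing len == UINT32_MAX), using the same LY_CHECK_ERR_RET pattern already used for the malloc failure one line below.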
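As an added example (not libyang's code and not part of the patch above), the following C program models the length-prefixed string read that the changelog entry describes: `unfixed_alloc_size` computes the allocation size the way the pre-patch line does, `widened_alloc_size` the way the patched line does, and `read_string_checked` shows the stronger fix of validating the declared length against the remaining input before anything is allocated. `struct blob`, `read_number`, `read_string_checked` and the sample byte arrays are hypothetical stand-ins for libyang's lybctx, lyb_read_number, lyb_read_string and real LYB data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical input cursor standing in for libyang's lybctx (not the
 * project's type): a byte buffer plus the current read position. */
struct blob {
    const uint8_t *data;
    size_t size;
    size_t pos;
};

/* Read a little-endian unsigned integer of len_size bytes (1..4).
 * Returns 0 on success, -1 if the field does not fit the remaining input. */
static int read_number(struct blob *b, uint8_t len_size, uint32_t *out)
{
    if (len_size == 0 || len_size > 4 || b->size - b->pos < len_size) {
        return -1;
    }
    uint32_t v = 0;
    for (uint8_t i = 0; i < len_size; i++) {
        v |= (uint32_t)b->data[b->pos + i] << (8 * i);
    }
    b->pos += len_size;
    *out = v;
    return 0;
}

/* Allocation size the unfixed expression hands to malloc: the addition is
 * done in uint32_t, so len == UINT32_MAX wraps to 0 before the multiply. */
size_t unfixed_alloc_size(uint32_t len)
{
    return (len + 1) * sizeof(char);
}

/* Allocation size computed the way the patch does it, widened to 64 bits
 * first. Returned as uint64_t so a caller can observe what is left after
 * narrowing it back to a 32-bit size_t, as an ILP32 malloc call would. */
uint64_t widened_alloc_size(uint32_t len)
{
    return ((uint64_t)len + 1) * sizeof(char);
}

/* Hardened read: the declared length is checked against the bytes actually
 * remaining before allocating, so the size cannot wrap on any pointer width
 * and the copy cannot run past the input. Returns 0 and sets *str (caller
 * frees) on success, -1 on malformed input. */
int read_string_checked(struct blob *b, uint8_t len_size, char **str)
{
    uint32_t len;
    *str = NULL;
    if (read_number(b, len_size, &len) != 0) {
        return -1;
    }
    /* A length larger than the remaining input is malformed by definition;
     * rejecting it here also guarantees that len + 1 fits in size_t. */
    if (len > b->size - b->pos) {
        return -1;
    }
    char *s = malloc((size_t)len + 1);
    if (!s) {
        return -1;
    }
    memcpy(s, b->data + b->pos, len);
    s[len] = '\0';
    b->pos += len;
    *str = s;
    return 0;
}

/* Constructed sample inputs (not real LYB data). */
static const uint8_t SAMPLE_OK[] = { 0x05, 'h', 'e', 'l', 'l', 'o' };
/* 4-byte length 0xFFFFFFFF followed by only three payload bytes. */
static const uint8_t SAMPLE_HUGE_LEN[] = { 0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c' };
/* 1-byte length 10 but only three payload bytes follow. */
static const uint8_t SAMPLE_SHORT[] = { 0x0a, 'a', 'b', 'c' };

int main(void)
{
    printf("unfixed size for len=UINT32_MAX: %zu\n", unfixed_alloc_size(UINT32_MAX));
    printf("widened size, narrowed to 32 bits: %u\n",
           (unsigned)(uint32_t)widened_alloc_size(UINT32_MAX));

    struct blob ok = { SAMPLE_OK, sizeof SAMPLE_OK, 0 };
    char *s = NULL;
    printf("well-formed: rc=%d str=%s\n", read_string_checked(&ok, 1, &s), s ? s : "(null)");
    free(s);

    struct blob huge = { SAMPLE_HUGE_LEN, sizeof SAMPLE_HUGE_LEN, 0 };
    printf("huge length: rc=%d\n", read_string_checked(&huge, 4, &s));

    struct blob shrt = { SAMPLE_SHORT, sizeof SAMPLE_SHORT, 0 };
    printf("short payload: rc=%d\n", read_string_checked(&shrt, 1, &s));
    return 0;
}
```

Build with `cc -std=c11 -Wall example.c`. The bound check against the remaining input is the property worth keeping in mind when reviewing the patch: it rejects the crafted length regardless of whether size_t is 32 or 64 bits, whereas the widening cast alone only changes which value reaches malloc.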
