Hello community, here is the log from the commit of package sysstat for openSUSE:Factory checked in at 2019-09-30 15:51:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sysstat (Old) and /work/SRC/openSUSE:Factory/.sysstat.new.2352 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sysstat" Mon Sep 30 15:51:45 2019 rev:82 rq:732933 version:12.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/sysstat/sysstat.changes 2019-08-30 14:39:36.481438044 +0200 +++ /work/SRC/openSUSE:Factory/.sysstat.new.2352/sysstat.changes 2019-09-30 15:51:48.598428406 +0200 @@ -1,0 +2,8 @@ +Tue Sep 10 11:10:11 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Security fix: [bsc#1150114, CVE-2019-16167] + * Memory corruption due to an Integer Overflow in remap_struct() + in sa_common.c + * Added sysstat-CVE-2019-16167.patch + +------------------------------------------------------------------- New: ---- sysstat-CVE-2019-16167.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sysstat.spec ++++++ --- /var/tmp/diff_new_pack.8nCV02/_old 2019-09-30 15:51:49.234426714 +0200 +++ /var/tmp/diff_new_pack.8nCV02/_new 2019-09-30 15:51:49.234426714 +0200 @@ -33,6 +33,8 @@ # PATCH-FIX-OPENSUSE should be upstreamed # use getpagesize() instead of kb_shift for hugetable archs Patch2: sysstat-8.0.4-pagesize.diff +# PATCH-FIX-UPSTREAM bsc#1150114 CVE-2019-16167 sysstat-CVE-2019-16167.patch +Patch3: sysstat-CVE-2019-16167.patch BuildRequires: findutils BuildRequires: gettext-runtime BuildRequires: pkgconfig @@ -71,6 +73,7 @@ %setup -q %patch0 -p1 %patch2 -p1 +%patch3 -p1 cp %{SOURCE1} %{SOURCE2} %{SOURCE4} . # remove date and time from objects find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' {} \; ++++++ sysstat-CVE-2019-16167.patch ++++++ Index: sysstat-12.0.6/sa_common.c =================================================================== --- sysstat-12.0.6.orig/sa_common.c +++ sysstat-12.0.6/sa_common.c 
@@ -1298,6 +1298,10 @@ void remap_struct(unsigned int gtypes_nr /* Remap [unsigned] long fields */ d = gtypes_nr[0] - ftypes_nr[0]; if (d) { + if (ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0]) + /* Overflow */ + return; + n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH, g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH); if ((ftypes_nr[0] * ULL_ALIGNMENT_WIDTH >= b_size) || @@ -1314,6 +1318,11 @@ void remap_struct(unsigned int gtypes_nr /* Remap [unsigned] int fields */ d = gtypes_nr[1] - ftypes_nr[1]; if (d) { + if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1]) + /* Overflow */ + return; + n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH - ftypes_nr[1] * UL_ALIGNMENT_WIDTH, g_size - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH @@ -1338,6 +1347,12 @@ void remap_struct(unsigned int gtypes_nr /* Remap possible fields (like strings of chars) following int fields */ d = gtypes_nr[2] - ftypes_nr[2]; if (d) { + if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + + gtypes_nr[1] * UL_ALIGNMENT_WIDTH + + ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2]) + /* Overflow */ + return; + n = MINIMUM(f_size - ftypes_nr[0] * ULL_ALIGNMENT_WIDTH - ftypes_nr[1] * UL_ALIGNMENT_WIDTH - ftypes_nr[2] * U_ALIGNMENT_WIDTH,
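Review bot: The wraparound test `ftypes_nr[0] * ULL_ALIGNMENT_WIDTH < ftypes_nr[0]` in the first `if (d)` block does not catch every overflow: for a multiplier larger than 2 the truncated product can still be greater than the operand, so some oversized counts pass the guard. The sum-based guards in the two later hunks (int fields and trailing fields) share this weakness. A division-based bound is exact, e.g. `if (ftypes_nr[0] > UINT_MAX / ULL_ALIGNMENT_WIDTH) return;` (needs `<limits.h>`, and assumes ftypes_nr is `unsigned int` like gtypes_nr in the hunk header). The body of remap_struct starts and ends outside the hunk.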
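Review bot: In the int-fields guard, `gtypes_nr[0] * ULL_ALIGNMENT_WIDTH` is added to the sum without being range-checked itself: the first hunk tests only `ftypes_nr[0]`, and only when `d` is non-zero. The sum is also compared against `ftypes_nr[1]` alone, so a total that wraps to a value at or above that operand is accepted, and the products then feed the `MINIMUM(f_size - ..., g_size - ...)` computation that follows. Checking each term before adding would close this, e.g. `if (gtypes_nr[0] > UINT_MAX / ULL_ALIGNMENT_WIDTH || ftypes_nr[1] > (UINT_MAX - gtypes_nr[0] * ULL_ALIGNMENT_WIDTH) / UL_ALIGNMENT_WIDTH) return;`. The third hunk needs the same treatment for its three terms. Whether the counts are validated before remap_struct is called is not visible here.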
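Review bot: The added `return;` statements exit a `void` function (per the hunk header `void remap_struct(`), so the caller cannot tell a rejected structure from a remapped one. By the time the trailing-fields block is reached, the earlier sections may already have been processed, leaving the buffer partly remapped. If the signature cannot change in this backport, the comment should say so, e.g. `/* Overflow: give up; structure left as is, caller is not notified */`, and the callers should be checked for how they treat such a record. Longer term, a status return (`int`, with `return -1;` here) would let the code reading a malformed file stop instead of continuing. The function's start and end are outside the hunk.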
