Hello community,

here is the log from the commit of package libbsd for openSUSE:Leap:15.2 checked in at 2020-05-19 14:08:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/libbsd (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.libbsd.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libbsd" Tue May 19 14:08:35 2020 rev:22 rq:806937 version:0.8.7 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libbsd/libbsd.changes 2020-01-15 15:19:08.346366292 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.libbsd.new.2738/libbsd.changes 2020-05-19 14:08:46.419032776 +0200 @@ -1,0 +2,8 @@ +Mon Jan 13 13:57:41 UTC 2020 - Michael Vetter <[email protected]> + +- bsc#1160551 (CVE-2019-20367): + Fix out-of-bounds read during a comparison for a symbol name + from the string table. +- Add libbsd-0.8.7-CVE-2019-20367.patch + +------------------------------------------------------------------- New: ---- libbsd-0.8.7-CVE-2019-20367.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libbsd.spec ++++++ --- /var/tmp/diff_new_pack.fJIyoO/_old 2020-05-19 14:08:46.727033375 +0200 +++ /var/tmp/diff_new_pack.fJIyoO/_new 2020-05-19 14:08:46.731033382 +0200 @@ -29,6 +29,7 @@ Source0: https://archive.hadrons.org/software/%{name}/%{name}-%{version}.tar.xz Source1: https://archive.hadrons.org/software/%{name}/%{name}-%{version}.tar.xz.asc Source2: %{name}.keyring +Patch0: libbsd-0.8.7-CVE-2019-20367.patch BuildRequires: fdupes BuildRequires: openssl-devel BuildRequires: pkgconfig @@ -74,6 +75,7 @@ %prep %setup -q +%patch0 -p1 %build %configure \ ++++++ libbsd-0.8.7-CVE-2019-20367.patch ++++++ >From 9d917aad37778a9f4a96ba358415f077f3f36f3b Mon Sep 17 00:00:00 2001 From: Guillem Jover <[email protected]> Date: Wed, 7 Aug 2019 22:58:30 +0200 Subject: [PATCH] nlist: Fix out-of-bounds read on strtab When doing a string comparison for a symbol name from the string table, we should make sure we do a bounded comparison, otherwise a non-NUL terminated string might make the code read out-of-bounds. Warned-by: coverity --- src/nlist.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/nlist.c b/src/nlist.c index 8aa46a2..228c220 100644 --- a/src/nlist.c +++ b/src/nlist.c 
@@ -236,16 +236,18 @@ __fdnlist(int fd, struct nlist *list) symsize -= cc; for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) { char *name; + Elf_Word size; struct nlist *p; name = strtab + s->st_name; if (name[0] == '\0') continue; + size = symstrsize - s->st_name; for (p = list; !ISLAST(p); p++) { if ((p->n_un.n_name[0] == '_' && - strcmp(name, p->n_un.n_name+1) == 0) - || strcmp(name, p->n_un.n_name) == 0) { + strncmp(name, p->n_un.n_name+1, size) == 0) || + strncmp(name, p->n_un.n_name, size) == 0) { elf_sym_to_nlist(p, s, shdr, ehdr.e_shnum); if (--nent <= 0) -- 2.24.1
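
Review bot: the "Patch0: libbsd-0.8.7-CVE-2019-20367.patch" line in the first libbsd.spec hunk (@@ -29,6 +29,7 @@) has no comment saying where the patch comes from. Suggest a comment line directly above it in the openSUSE patch markup style (# PATCH-FIX-UPSTREAM ...) that names bsc#1160551 and the upstream commit 9d917aad37778a9f4a96ba358415f077f3f36f3b, so the spec file itself records that this is a backport that can be dropped once the package moves to a release containing that commit.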
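
Review bot: in the src/nlist.c hunk, "size = symstrsize - s->st_name;" is computed without any visible check that s->st_name is smaller than symstrsize, and only after name[0] has already been read. If a symbol entry carries an st_name offset at or past the end of the string table, name = strtab + s->st_name already points outside the table when name[0] is tested, and the subtraction wraps around in the unsigned Elf_Word, so the two strncmp() calls get a huge bound and are effectively unbounded again. Unless the offset is validated in code outside this hunk, suggest rejecting such entries before the dereference, for example "if (s->st_name >= symstrsize) continue;" placed above "name = strtab + s->st_name;".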
