Hello community, here is the log from the commit of package elfutils for openSUSE:Factory checked in at 2014-04-22 07:42:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/elfutils (Old) and /work/SRC/openSUSE:Factory/.elfutils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "elfutils" Changes: -------- --- /work/SRC/openSUSE:Factory/elfutils/elfutils.changes 2014-03-25 13:20:41.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.elfutils.new/elfutils.changes 2014-04-22 07:42:54.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Apr 15 18:56:25 UTC 2014 - to...@suse.com + +- Fix integer overflow in check_section (CVE-2014-0172, bnc#872785) + Add patch: elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch + +------------------------------------------------------------------- New: ---- elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ elfutils.spec ++++++ --- /var/tmp/diff_new_pack.buGaEd/_old 2014-04-22 07:42:55.000000000 +0200 +++ /var/tmp/diff_new_pack.buGaEd/_new 2014-04-22 07:42:55.000000000 +0200 @@ -34,6 +34,7 @@ Patch6: elfutils-0.137-dwarf-header-check-fix.diff Patch7: elfutils-0.148-dont-crash.diff Patch8: elfutils-revert-portability-scanf.patch +Patch9: elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: flex @@ -144,6 +145,7 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 -R +%patch9 -p1 %build # Change DATE/TIME macros to use last change time of elfutils.changes @@ -213,7 +215,6 @@ %defattr(-,root,root) %{_libdir}/libelf.so %{_libdir}/libelf.a -#%{_libdir}/libelf_pic.a %{_includedir}/libelf.h %{_includedir}/gelf.h %{_includedir}/nlist.h ++++++ elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch ++++++ From: Mark Wielaard <m...@redhat.com> Subject: Check for overflow before calling malloc to uncompress data. Date: Wed Apr 9 11:33:23 2014 +0200 Git-commit: 7f1eec317db79627b473c5b149a22a1b20d1f68f References: CVE-2014-0172, bnc#872785 Signed-off-by: Tony Jones <to...@suse.de> CVE-2014-0172 Check for overflow before calling malloc to uncompress data. https://bugzilla.redhat.com/show_bug.cgi?id=1085663 Reported-by: Florian Weimer <fwei...@redhat.com> Signed-off-by: Mark Wielaard <m...@redhat.com> diff --git a/libdw/dwarf_begin_elf.c b/libdw/dwarf_begin_elf.c index 79daeac..34ea373 100644 --- a/libdw/dwarf_begin_elf.c +++ b/libdw/dwarf_begin_elf.c @@ -1,5 +1,5 @@ /* Create descriptor from ELF descriptor for processing file. - Copyright (C) 2002-2011 Red Hat, Inc. + Copyright (C) 2002-2011, 2014 Red Hat, Inc. This file is part of elfutils. Written by Ulrich Drepper <drep...@redhat.com>, 2002. @@ -282,6 +282,12 @@ check_section (Dwarf *result, GElf_Ehdr *ehdr, Elf_Scn *scn, bool inscngrp) memcpy (&size, data->d_buf + 4, sizeof size); size = be64toh (size); + /* Check for unsigned overflow so malloc always allocated + enough memory for both the Elf_Data header and the + uncompressed section data. */ + if (unlikely (sizeof (Elf_Data) + size < size)) + break; + Elf_Data *zdata = malloc (sizeof (Elf_Data) + size); if (unlikely (zdata == NULL)) break; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org