Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 463632 (CVE-2013-0211)

Summary: <app-arch/libarchive-3.1.2-r1: read buffer overflow on 64-bit systems (CVE-2013-0211)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: bsd+disabled, ferringb, ssuominen
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=902998
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-03-28 16:54:57 UTC 
From ${URL} :

Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where 
sizeof(size_t) is equal to 8.  In the archive_write_zip_data() function in 
libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) 
and is cast to a 64 bit signed integer.  If "s" is larger than MAX_INT, it will not be set to 
"zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads 
to a buffer overflow when calling deflate().

This can lead to a segfault in an application that uses libarchive to create ZIP archives.
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2013-03-30 15:20:20 UTC 
3.1.2-r1 in Portage with the upstream patch for this issue:

https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4

Please test and mark it stable. Thank you!
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-03-30 18:45:05 UTC 
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2013-03-31 11:18:03 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-03-31 11:18:58 UTC 
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-04-01 19:43:44 UTC 
ia64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-04-01 19:52:12 UTC 
alpha stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-04-02 10:36:18 UTC 
sh stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-04-02 10:54:41 UTC 
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-04-02 12:11:58 UTC 
arm stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-04-02 13:17:03 UTC 
s390 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-04-05 17:03:54 UTC 
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-04-05 18:11:23 UTC 
ppc64 stable
Comment 13 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-06 20:22:35 UTC 
Added to existing GLSA request.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 23:08:16 UTC 
CVE-2013-0211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0211):
  Integer signedness error in the archive_write_zip_data function in
  archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running
  on 64-bit machines, allows context-dependent attackers to cause a denial of
  service (crash) via unspecified vectors, which triggers an improper
  conversion between unsigned and signed types, leading to a buffer overflow.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-06-01 15:22:48 UTC 
This issue was resolved and addressed in
 GLSA 201406-02 at http://security.gentoo.org/glsa/glsa-201406-02.xml
by GLSA coordinator Sean Amoss (ackle).