Summary: | <app-arch/p7zip-16.02-r4: uninitialized memory use in rar code | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | antisocrates, prometheanfire |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/ | ||
Whiteboard: | C3 [noglsa cve] | ||
Package list: | =app-arch/p7zip-16.02-r4 alpha amd64 hppa ia64 ppc ppc64 sparc x86 | ||
Runtime testing required: | No |
Description
Hanno Böck
noticed a missing 2016 cve patch (which I've added to r3)

checked a couple other distros (fedora and arch for now) and didn't see a patch for this latest one.

(In reply to Matthew Thode ( prometheanfire ) from comment #1)
> noticed a missing 2016 cve patch (which I've added to r3)
>

from bug 620008 ?

yes

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7

commit 2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7
Author: Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-06-28 19:06:34 +0000
Commit: Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-06-28 19:07:04 +0000

    app-arch/p7zip: add fix for CVE-2018-10115

    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

app-arch/p7zip/files/CVE-2018-10115.patch | 311 ++++++++++++++++++++++++++++++
app-arch/p7zip/p7zip-16.02-r4.ebuild | 165 ++++++++++++++++
2 files changed, 476 insertions(+)

Arches, please stable '=app-arch/p7zip-16.02-r3' for the CVE.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c954aec09cfb1b6d77c269c4a4cc94529915e4c

commit 1c954aec09cfb1b6d77c269c4a4cc94529915e4c
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-29 06:50:36 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-29 06:51:40 +0000

    app-arch/p7zip: stable 16.02-r3 for ia64, bug #655270

    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

app-arch/p7zip/p7zip-16.02-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

ugh, it was r4, not r3 updated

commit 2c5907a3804ce99cf2fb927d21704f412eb32948
Author: Jeroen Roovers <jer@gentoo.org>
Date: Fri Jun 29 12:14:51 2018 +0200

    app-arch/p7zip: Stable for HPPA too.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f225e5fc91c55cc177eae2d756f051f5de5ecdce

commit f225e5fc91c55cc177eae2d756f051f5de5ecdce
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-30 13:01:41 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-30 14:44:58 +0000

    app-arch/p7zip: stable 16.02-r4 for ia64, bug #655270

    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

app-arch/p7zip/p7zip-16.02-r4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef5d31d5370768c259344d338b32611d5325f3cb

commit ef5d31d5370768c259344d338b32611d5325f3cb
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-30 18:03:35 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-30 19:02:58 +0000

    app-arch/p7zip: stable 16.02-r4 for ppc64, bug #655270

    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

app-arch/p7zip/p7zip-16.02-r4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

x86 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3858c664e6e8d5cfb35e9d7e920c29af12f83a26

commit 3858c664e6e8d5cfb35e9d7e920c29af12f83a26
Author: Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-07-03 02:08:40 +0000
Commit: Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-07-03 02:08:56 +0000

    app-arch/p7zip: remove old

    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

app-arch/p7zip/p7zip-16.02-r1.ebuild | 159 ---------------------------------
app-arch/p7zip/p7zip-16.02-r2.ebuild | 163 ----------------------------------
app-arch/p7zip/p7zip-16.02-r3.ebuild | 164 -----------------------------------
3 files changed, 486 deletions(-)

AMD64 was not stabilized for r4, so I removed early, I can either readd or amd64 can hurry up

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0695cf40aac27e797742c96270d81044cdf418cc

commit 0695cf40aac27e797742c96270d81044cdf418cc
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-07-03 03:11:35 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-07-03 03:11:35 +0000

    app-arch/p7zip: amd64 stable

    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9

app-arch/p7zip/p7zip-16.02-r4.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

commit f827dfb0e8b2ccf9a95aa4760f8a47f64e6389a1
Author: Matthew Thode <prometheanfire@gentoo.org>
Date: Tue Jul 3 10:07:54 2018 -0500

    app-arch/p7zip: fix stables

*** Bug 832040 has been marked as a duplicate of this bug. ***