Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 701848 (CVE-2014-9862)

Summary: <dev-util/bsdiff-4.3-r4: Improper checking of input allows arbitrary write on heap (CVE-2014-9862)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Flags: stable-bot: sanity-check+
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/14970
https://github.com/gentoo/gentoo/pull/15002
Whiteboard: B2 [glsa+ cve]
Package list:
dev-util/bsdiff-4.3-r4
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-03 00:38:55 UTC
CVE-2014-9862 (https://nvd.nist.gov/vuln/detail/CVE-2014-9862):
  Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple
  OS X before 10.11.6 and other products, allows remote attackers to execute
  arbitrary code or cause a denial of service (heap-based buffer overflow) via
  a crafted patch file.
Comment 2 Larry the Git Cow gentoo-dev 2020-03-15 21:08:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4d7646f1d69122a3f49925119a92834c20a1aee

commit f4d7646f1d69122a3f49925119a92834c20a1aee
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-15 18:21:54 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-15 21:06:07 +0000

    dev-util/bsdiff: Fix CVE-2014-9862
    
    Includes a patch from ChromiumOS.
    
    Bug: https://bugs.gentoo.org/701848
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/14970
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-util/bsdiff/bsdiff-4.3-r4.ebuild               | 35 ++++++++++++++++++++++
 .../bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch    | 15 ++++++++++
 2 files changed, 50 insertions(+)
Comment 3 Rolf Eike Beer archtester 2020-03-16 17:44:33 UTC
sparc stable
Comment 4 Rolf Eike Beer archtester 2020-03-17 18:30:52 UTC
hppa stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-03-17 18:45:05 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-18 11:12:24 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-18 11:17:29 UTC
ia64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-03-18 15:22:41 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 9 Larry the Git Cow gentoo-dev 2020-03-19 18:32:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a90ac2818a5f4f7cb1358f8d679c523801d0e7b2

commit a90ac2818a5f4f7cb1358f8d679c523801d0e7b2
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-19 18:31:41 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-19 18:31:53 +0000

    dev-util/bsdiff: security cleanup (bug #701848)
    
    Bug: https://bugs.gentoo.org/701848
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-util/bsdiff/bsdiff-4.3-r3.ebuild | 36 ------------------------------------
 1 file changed, 36 deletions(-)
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-19 18:32:30 UTC
New GLSA request filed.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2020-03-19 18:42:39 UTC
This issue was resolved and addressed in
 GLSA 202003-44 at https://security.gentoo.org/glsa/202003-44
by GLSA coordinator Thomas Deutschmann (whissi).