From Josh Bressers @RedHat : A buffer overflow bug exists in zoo which is triggered during archive creation. This issue is borderline a bug as it's really only a problem if someone is creating a zoo archive on a directory full of files controlled by a local attacker. Here is how to reproduce this issue: mkdir `perl -e 'print "A"x254'` cd `perl -e 'print "A"x254'` mkdir `perl -e 'print "A"x254'` cd `perl -e 'print "A"x254'` touch feh cd ../.. zoo a arch.zoo `perl -e 'print "A"x254 . "/" . "A"x254 . "/feh"'` To fix this issue, in parse.c, line 42, Change the line: strcpy (tempname, fname); to strncpy(tempname, fname, LFNAMESIZE);
zoo-2.10-r2 now in portage
Arches please test and mark stable
stable on ppc64
Stable on x86.
ppc stable
I tested app-arch/zoo-2.10-r2 on alpha and it fixes the bug. Using the example from Josh Bressers @RedHat, zoo-2.10-r2 outputs: "Zoo: FATAL: Combined dirname and filename too long!" instead of segfaulting like in zoo-2.10-r1. # emerge --info Portage 2.1_pre5-r4 (default-linux/alpha/no-nptl/2.4, gcc-3.4.4, glibc-2.3.5-r3, 2.4.32 alpha) ================================================================= System uname: 2.4.32 alpha EV56 Gentoo Base System version 1.12.0_pre16 dev-lang/python: 2.3.5, 2.4.2-r1 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.4.26-r1 ACCEPT_KEYWORDS="alpha ~alpha" AUTOCLEAN="yes" CBUILD="alpha-unknown-linux-gnu" CFLAGS="-mieee -pipe -O2 -mcpu=ev56" CHOST="alpha-unknown-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-mieee -pipe -O2 -mcpu=ev56" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig collision-protect distlocks maketest sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://adelie.polymtl.ca/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://www.gtlib.gatech.edu/pub/gentoo http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://gentoo.seren.com/gentoo http://gentoo.chem.wisc.edu/gentoo/ http://cudlug.cudenver.edu/gentoo/ http://gentoo.mirrors.pair.com/ http://gentoo.mirrors.tds.net/gentoo http://gentoo.netnitco.net http://mirror.espri.arizona.edu/gentoo/ http://mirrors.acm.cs.rpi.edu/gentoo/ http://gentoo.arcticnetwork.ca/ http://open-systems.ufl.edu/mirrors/gentoo http://gentoo.llarian.net/ http://gentoo.binarycompass.org http://gentoo.mirrored.ca/ http://mirror.datapipe.net/gentoo http://gentoo.cs.lewisu.edu/gentoo/ http://prometheus.cs.wmich.edu/gentoo http://modzer0.cs.uaf.edu/public/gentoo/ http://mirror.usu.edu/mirrors/gentoo/ http://mirror.phy.olemiss.edu/mirror/gentoo http://mirror.mcs.anl.gov/pub/gentoo/ http://gentoo.mirrors.easynews.com/linux/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/ http://mirror.clarkson.edu/pub/distributions/gentoo/ http://cdot.senecac.on.ca/software/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="alpha X aac aalib aim alsa apache2 artworkextra async audacious audiofile bash-completion berkdb binfilter bitmap-fonts bittorrent bl bonjour c++ cairo calendar cdinstall cdparanoia cdr cdrom chroot cli config_wizard cracklib crypt cscope csv ctype cups curl curlwrappers cvs cvsgraph dhcp dillo dri editor eds elf encode epiphany escreen esd ethereal extraicons extras ffmpeg fftw figlet firefox flac ftp gdb gdbm gif glep gnome gnutls gpm grammar gsl gstreamer gtalk gtk gtk2 gtkspell gvim gzip html icq id3 imlib ipod ipv6 jabber javascript jpeg justify ladspa lame libg++ libsexy libwww lite lj logrotate lua mad mapeditor md5sum mikmod motif moznoirc moznomail moznoroaming mozsha1 mp3 mpeg mpeg2 mplayer msn msnextras music ncurses net nethack nls offensive ogg oggvorbis opengl openssh openssl oscar oss pam pdflib perl png python quicktime quotes readline real recode reiserfs scp screen sdl sftp skins sndfile sockets sounds sox speech spell ssl subversion symlink syslog tcpd threads truetype truetype-fonts type1-fonts udev userlocales vcd videos vim vim-with-x vorbis wma wma123 xml xml2 xmlreader xmms xv xvid yahoo zip zlib elibc_glibc kernel_linux userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL, LDFLAGS, LINGUAS
Alpha done. Thanks Thomas.
SPARC'd
amd64 stable
GLSA 200603-12 Thanks everybody