Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 463632 (CVE-2013-0211) - <app-arch/libarchive-3.1.2-r1: read buffer overflow on 64-bit systems (CVE-2013-0211)
Summary: <app-arch/libarchive-3.1.2-r1: read buffer overflow on 64-bit systems (CVE-20...
Status: RESOLVED FIXED
Alias: CVE-2013-0211
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-28 16:54 UTC by Agostino Sarubbo
Modified: 2014-06-01 15:22 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-03-28 16:54:57 UTC
From ${URL} :

Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where 
sizeof(size_t) is equal to 8.  In the archive_write_zip_data() function in 
libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) 
and is cast to a 64 bit signed integer.  If "s" is larger than MAX_INT, it will not be set to 
"zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads 
to a buffer overflow when calling deflate().

This can lead to a segfault in an application that uses libarchive to create ZIP archives.
Comment 1 Samuli Suominen gentoo-dev 2013-03-30 15:20:20 UTC
3.1.2-r1 in Portage with the upstream patch for this issue:

https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4

Please test and mark it stable. Thank you!
Comment 2 Jeroen Roovers gentoo-dev 2013-03-30 18:45:05 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2013-03-31 11:18:03 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2013-03-31 11:18:58 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-04-01 19:43:44 UTC
ia64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-04-01 19:52:12 UTC
alpha stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-04-02 10:36:18 UTC
sh stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-04-02 10:54:41 UTC
sparc stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-04-02 12:11:58 UTC
arm stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-04-02 13:17:03 UTC
s390 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-04-05 17:03:54 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-04-05 18:11:23 UTC
ppc64 stable
Comment 13 Sean Amoss gentoo-dev Security 2013-04-06 20:22:35 UTC
Added to existing GLSA request.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 23:08:16 UTC
CVE-2013-0211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0211):
  Integer signedness error in the archive_write_zip_data function in
  archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running
  on 64-bit machines, allows context-dependent attackers to cause a denial of
  service (crash) via unspecified vectors, which triggers an improper
  conversion between unsigned and signed types, leading to a buffer overflow.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-06-01 15:22:48 UTC
This issue was resolved and addressed in
 GLSA 201406-02 at http://security.gentoo.org/glsa/glsa-201406-02.xml
by GLSA coordinator Sean Amoss (ackle).