Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655270 (CVE-2018-10115) - <app-arch/p7zip-16.02-r4: uninitialized memory use in rar code
Summary: <app-arch/p7zip-16.02-r4: uninitialized memory use in rar code
Status: RESOLVED FIXED
Alias: CVE-2018-10115
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://landave.io/2018/05/7-zip-from...
Whiteboard: C3 [noglsa cve]
Keywords:
: 832040 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-05-08 15:01 UTC by Hanno Böck
Modified: 2022-01-25 18:06 UTC (History)
2 users (show)

See Also:
Package list:
=app-arch/p7zip-16.02-r4 alpha amd64 hppa ia64 ppc ppc64 sparc x86
Runtime testing required: No
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2018-05-08 15:01:51 UTC 
A memory corruption potentially allowing code execution has been found in 7-zip:
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/

Unfortunately it seems p7zip is no longer updated.

The vuln is in the rar code, so it only affects p7zip with USE="rar".
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-05-08 16:56:30 UTC 
noticed a missing 2016 cve patch (which I've added to r3)

checked a couple other distros (fedora and arch for now) and didn't see a patch for this latest one.
Comment 2 D'juan McDonald (domhnall) 2018-05-09 04:00:55 UTC 
(In reply to Matthew Thode ( prometheanfire ) from comment #1)
>
noticed a missing 2016 cve patch (which I've added to r3)
>

from bug 620008 ?
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-05-09 04:05:49 UTC 
yes
Comment 4 Larry the Git Cow gentoo-dev 2018-06-28 19:07:16 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7

commit 2b160b9fd86e68ee72f39ce96db2e0c7de72e5f7
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-06-28 19:06:34 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-06-28 19:07:04 +0000

    app-arch/p7zip: add fix for CVE-2018-10115
    
    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 app-arch/p7zip/files/CVE-2018-10115.patch | 311 ++++++++++++++++++++++++++++++
 app-arch/p7zip/p7zip-16.02-r4.ebuild      | 165 ++++++++++++++++
 2 files changed, 476 insertions(+)
Comment 5 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-06-28 19:13:47 UTC 
Arches, please stable '=app-arch/p7zip-16.02-r3' for the CVE.
Comment 6 Larry the Git Cow gentoo-dev 2018-06-29 06:51:48 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c954aec09cfb1b6d77c269c4a4cc94529915e4c

commit 1c954aec09cfb1b6d77c269c4a4cc94529915e4c
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-29 06:50:36 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-29 06:51:40 +0000

    app-arch/p7zip: stable 16.02-r3 for ia64, bug #655270
    
    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 app-arch/p7zip/p7zip-16.02-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-06-29 06:55:08 UTC 
ugh, it was r4, not r3

updated
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2018-06-30 10:57:59 UTC 
commit 2c5907a3804ce99cf2fb927d21704f412eb32948
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Fri Jun 29 12:14:51 2018 +0200

    app-arch/p7zip: Stable for HPPA too.
Comment 9 Larry the Git Cow gentoo-dev 2018-06-30 14:45:07 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f225e5fc91c55cc177eae2d756f051f5de5ecdce

commit f225e5fc91c55cc177eae2d756f051f5de5ecdce
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-30 13:01:41 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-30 14:44:58 +0000

    app-arch/p7zip: stable 16.02-r4 for ia64, bug #655270
    
    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 app-arch/p7zip/p7zip-16.02-r4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 10 Larry the Git Cow gentoo-dev 2018-06-30 19:03:10 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef5d31d5370768c259344d338b32611d5325f3cb

commit ef5d31d5370768c259344d338b32611d5325f3cb
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-30 18:03:35 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-30 19:02:58 +0000

    app-arch/p7zip: stable 16.02-r4 for ppc64, bug #655270
    
    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 app-arch/p7zip/p7zip-16.02-r4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2018-07-02 00:52:17 UTC 
x86 stable
Comment 12 Larry the Git Cow gentoo-dev 2018-07-03 02:09:09 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3858c664e6e8d5cfb35e9d7e920c29af12f83a26

commit 3858c664e6e8d5cfb35e9d7e920c29af12f83a26
Author:     Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2018-07-03 02:08:40 +0000
Commit:     Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2018-07-03 02:08:56 +0000

    app-arch/p7zip: remove old
    
    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 app-arch/p7zip/p7zip-16.02-r1.ebuild | 159 ---------------------------------
 app-arch/p7zip/p7zip-16.02-r2.ebuild | 163 ----------------------------------
 app-arch/p7zip/p7zip-16.02-r3.ebuild | 164 -----------------------------------
 3 files changed, 486 deletions(-)
Comment 13 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2018-07-03 02:54:33 UTC 
AMD64 was not stablized for r4, so I removed early, I can either readd or amd64 can hurry up
Comment 14 Larry the Git Cow gentoo-dev 2018-07-03 03:11:46 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0695cf40aac27e797742c96270d81044cdf418cc

commit 0695cf40aac27e797742c96270d81044cdf418cc
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-07-03 03:11:35 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-07-03 03:11:35 +0000

    app-arch/p7zip: amd64 stable
    
    Bug: https://bugs.gentoo.org/655270
    Package-Manager: Portage-2.3.41, Repoman-2.3.9

 app-arch/p7zip/p7zip-16.02-r4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev 2018-07-28 18:11:54 UTC 
commit f827dfb0e8b2ccf9a95aa4760f8a47f64e6389a1
Author: Matthew Thode <prometheanfire@gentoo.org>
Date:   Tue Jul 3 10:07:54 2018 -0500

    app-arch/p7zip: fix stables
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-25 18:06:15 UTC 
*** Bug 832040 has been marked as a duplicate of this bug. ***