CVE-2014-9862 (https://nvd.nist.gov/vuln/detail/CVE-2014-9862): Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
Patch (ChromiumOS): https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659%5E%21/#F0
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4d7646f1d69122a3f49925119a92834c20a1aee

commit f4d7646f1d69122a3f49925119a92834c20a1aee
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-03-15 18:21:54 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-15 21:06:07 +0000

    dev-util/bsdiff: Fix CVE-2014-9862

    Includes a patch from ChromiumOS.

    Bug: https://bugs.gentoo.org/701848
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/14970
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-util/bsdiff/bsdiff-4.3-r4.ebuild               | 35 ++++++++++++++++++++++
 .../bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch    | 15 ++++++++++
 2 files changed, 50 insertions(+)
sparc stable
hppa stable
amd64 stable
ppc stable
ia64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a90ac2818a5f4f7cb1358f8d679c523801d0e7b2

commit a90ac2818a5f4f7cb1358f8d679c523801d0e7b2
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-19 18:31:41 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-19 18:31:53 +0000

    dev-util/bsdiff: security cleanup (bug #701848)

    Bug: https://bugs.gentoo.org/701848
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-util/bsdiff/bsdiff-4.3-r3.ebuild | 36 ------------------------------------
 1 file changed, 36 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-44 at https://security.gentoo.org/glsa/202003-44 by GLSA coordinator Thomas Deutschmann (whissi).