From patchwork Tue Sep 11 09:37:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 146428 Delivered-To: patch@linaro.org Received: by 2002:a2e:1648:0:0:0:0:0 with SMTP id 8-v6csp3432743ljw; Tue, 11 Sep 2018 02:37:51 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYGgkTrtPHNQ1o6u7lE9X+FvH2hpXf98wdTpsNxFA5QokYdaUl0hzg7vF5CvggokeT8eRT0 X-Received: by 2002:a17:902:bd04:: with SMTP id p4-v6mr1448058pls.105.1536658671016; Tue, 11 Sep 2018 02:37:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536658671; cv=none; d=google.com; s=arc-20160816; b=zjlRfozjfJK9QSEaZreI8E+acABjeIfWmrCBMIy4lfneoCeMf3JthK6XnRXVqEB4SV FqeQx/XQqFCajT0dw22IFzSVnqy+vKI431mOz9jYcNi2MNVUd7F9T7EdCDMeoDJudEyF OmiZ4GgAY1IkA2Kkjv7cxTqo1UCVTFLzmzCrF13mgRMeID3TRHAP6yZVK6JJW+U6psMH DMO68yRrq2YtSv8yKPq2p5EYJB+pGMRJOT1gIvQXzFrhWkdk7KAS1JO8ejGiGbfzfLZa OVpnybk7o92HFNHCQ2ZlPcXpwo4Vd1FY8wxyC13WB3UkDI9lkIP5npzh6ANBtVGno5lY 7rNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to; bh=UpL5mziW8mB/PVEERKI3ZwTUi+iJ4wyQbW8r93T384w=; b=W383DMMerlrJoIiRStIr9bqFqNLTCquDjLoiLSAzbrJSJ6jFwKLRgDHRMIMlOF1RNY qKELD33qzbdGnRTahDTzZfhCloT2GyyMgALp2jYpfKOvyoW/oqvWNQ3zQMOo5kr5B+6E JTFeWdbTweIjNWhwUqzuWRoy85dh/PqUGm9JQGXgQMPKpAujjILd8i6+ngkPvc6sOcq2 Fu0HopAvw83oC2Dlr+qVJqkEhjED4/bBp1KBolGKjqQMW4ovyet+nih8GPg7PZIyeaCM NNnHoNK8gvWciB0ZGetJX8mTiO02CzLdztEf4c+zikqxy5yx2kRXzG1JpYaGMFFSi04v hyXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=BQAqjCRO; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id bj4-v6si18614557plb.119.2018.09.11.02.37.50; Tue, 11 Sep 2018 02:37:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=BQAqjCRO; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from layers.openembedded.org (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id EEA8A7985B; Tue, 11 Sep 2018 09:37:47 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) by mail.openembedded.org (Postfix) with ESMTP id 59B487984F for ; Tue, 11 Sep 2018 09:37:43 +0000 (UTC) Received: by mail-wr1-f68.google.com with SMTP id e1-v6so16002727wrt.3 for ; Tue, 11 Sep 2018 02:37:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id; bh=43iaJ2GIXSEcNlS+R3RpROt7mkQRivKZo7nQB+pAGtg=; b=BQAqjCROwaj7PFFxICFCBtT54RNrDd+iRZoel4kdNy0okMoaImKSq2TwHdoBaJBFZM WDjm5ASR8MXceo7lmdNMG2lmVleluyntl1TxPEbcVo1M0LWO8jBJlIRo36VJAfL8EIrk 9SEJUYepr8fMSQvnUnIdW6c4y6CEQ7Vq8O4vEbS5VZkcrwx/klNrHAK6gnGQjXV8HJKH 5XXfX4LUmbCur0VNjdkPlpcr3yo0YMPWmJNPMod7h53VBXcSiAO2yXlk5bHHXA8S4F/N qUDBmy4lM6ETMgTXtRo1ijpmi6EeRz/XBjKDESRkHJI9adOOo4YmU32LzCGNnQDTAdlY IflQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=43iaJ2GIXSEcNlS+R3RpROt7mkQRivKZo7nQB+pAGtg=; b=qFk5JI+IW9nt9FtvLFJxHE8C6+92Cqac9VlblqJoG9+9ySEHTiShs3tnfC9bZb3G2J z6oqXxrkYzLW4VGYQe/wVh4fKO/Xkq/Kb0pIY/MIGuuO3sb/EcBou9eZhs05AcWxyFZM La4bHPEuscuJBQNefdctO4OpNwoElgjeMy/BDn1h2NK3mi346052h0Sq/MDxHicQfsi1 Y3bW608dzwFmVJYRsXRUB6R+g9TAqIVp8/oZH84Wwsy26gk1UQA3w3JdTJPyqRz4+Ehc PA6SSHW2f3Wg5o38MjZGj2uWalHqrntFw/btSIb/DqNzeTnf5gGOIiK/qIxdxRdzM1LY GUhg== X-Gm-Message-State: APzg51DHqda47MwvFuNtMA8NJbOVkQvTMjsMokBCENkTdJ7/zJwG0ydH xC3CcGyZOcjT05s1hsdyPTseDnza0mw= X-Received: by 2002:a1c:3503:: with SMTP id c3-v6mr762641wma.46.1536658663524; Tue, 11 Sep 2018 02:37:43 -0700 (PDT) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id m68-v6sm948450wmb.10.2018.09.11.02.37.42 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Sep 2018 02:37:42 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Tue, 11 Sep 2018 10:37:40 +0100 Message-Id: <20180911093740.5334-1-ross.burton@intel.com> X-Mailer: git-send-email 2.11.0 Subject: [OE-core] [PATCH] lrzsz: fix CVE-2018-10195 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org "Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver." Take a patch from Fedora to resolve CVE-2018-10195. Signed-off-by: Ross Burton --- .../lrzsz/lrzsz-0.12.20/cve-2018-10195.patch | 28 ++++++++++++++++++++++ meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch -- 2.11.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch b/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch new file mode 100644 index 00000000000..dea298634f0 --- /dev/null +++ b/meta/recipes-bsp/lrzsz/lrzsz-0.12.20/cve-2018-10195.patch @@ -0,0 +1,28 @@ +Integer overflow in src/zm.c:zsdata() causes crash in sz and can leak information to receiver. + +Patch taken from Fedora. + +CVE: CVE-2018-10195 +Upstream-Status: Inappropriate (dead upstream) +Signed-off-by: Ross Burton + +diff -urN lrzsz-0.12.20/src/zm.c lrzsz-0.12.20.new/src/zm.c +--- lrzsz-0.12.20/src/zm.c Tue Dec 29 09:48:38 1998 ++++ lrzsz-0.12.20.new/src/zm.c Tue Oct 8 12:46:58 2002 +@@ -431,10 +431,12 @@ + VPRINTF(3,("zsdata: %lu %s", (unsigned long) length, + Zendnames[(frameend-ZCRCE)&3])); + crc = 0; +- do { +- zsendline(*buf); crc = updcrc((0377 & *buf), crc); +- buf++; +- } while (--length>0); ++ ++ for( ; length; length--) { ++ zsendline(*buf); crc = updcrc((0377 & *buf), crc); ++ buf++; ++ } ++ + xsendline(ZDLE); xsendline(frameend); + crc = updcrc(frameend, crc); + \ No newline at end of file diff --git a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb index 4b349be32f7..002c774c6d8 100644 --- a/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb +++ b/meta/recipes-bsp/lrzsz/lrzsz_0.12.20.bb @@ -19,6 +19,7 @@ SRC_URI = "http://www.ohse.de/uwe/releases/lrzsz-${PV}.tar.gz \ file://acdefine.patch \ file://lrzsz_fix_for_automake-1.12.patch \ file://lrzsz-check-locale.h.patch \ + file://cve-2018-10195.patch \ " SRC_URI[md5sum] = "b5ce6a74abc9b9eb2af94dffdfd372a4"