diff options
Diffstat (limited to 'meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch')
-rw-r--r-- | meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch deleted file mode 100644 index 985f150f0f..0000000000 --- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 71c812edf1431a9967bd99ba6ffa6ab89eb7ec7c Mon Sep 17 00:00:00 2001 -From: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> -Date: Wed, 10 Jun 2015 12:56:55 +0000 -Subject: [PATCH 1/2] rpm: CVE-2014-8118 - -Upstream-Status: Backport -CVE: CVE-2014-8118 - -Reference: -https://bugzilla.redhat.com/show_bug.cgi?id=1168715 - -Description: -It was found that RPM could encounter an integer overflow, -leading to a stack-based overflow, while parsing a crafted -CPIO header in the payload section of an RPM file. This could -allow an attacker to modify signed RPM files in such a way that -they would execute code chosen by the attacker during package -installation. - -Original Patch: -https://bugzilla.redhat.com/attachment.cgi?id=962159 - -Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> ---- - lib/cpio.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/cpio.c b/lib/cpio.c -index 382eeb6..74ddd9c 100644 ---- a/lib/cpio.c -+++ b/lib/cpio.c -@@ -296,6 +296,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, struct stat * st) - st->st_rdev = makedev(major, minor); - - GET_NUM_FIELD(hdr.namesize, nameSize); -+ if (nameSize <= 0 || nameSize > 4096) { -+ return CPIOERR_BAD_HEADER; -+ } - - *path = xmalloc(nameSize + 1); - read = Fread(*path, nameSize, 1, cpio->fd); --- -1.8.4.5 - |