bsdiff package vulnerable to CVE-2020-14315

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bsdiff package vulnerable to CVE-2020-14315

From:	Léo Le Bouter
Subject:	bsdiff package vulnerable to CVE-2020-14315
Date:	Wed, 10 Mar 2021 09:49:57 +0100
User-agent:	Evolution 3.34.2

CVE-2020-14315

A memory corruption vulnerability is present in bspatch as shipped in
Colin Percival’s bsdiff tools version 4.3. Insufficient checks when
handling external inputs allows an attacker to bypass the sanity checks
in place and write out of a dynamically allocated buffer boundaries.

A patch exists from FreeBSD: 
https://www.freebsd.org/security/patches/SA-16:29/bspatch.patch - but
it needs non-trivial porting since FreeBSD seems to have diverged in
important ways from the source tree we use.

Debian, Fedora, Gentoo, Arch Linux, Void Linux, none have fixed this
CVE yet due to missing readily usable patch.

There may be a patch in Android or ChromiumOS source trees but if it is
present it is burried and not easy to find, also their tree probably
has diverged in non-trivial ways too.

Léo

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter <=
- Re: bsdiff package vulnerable to CVE-2020-14315, Leo Famulari, 2021/03/10
  - Re: bsdiff package vulnerable to CVE-2020-14315, Léo Le Bouter, 2021/03/10
    - Re: bsdiff package vulnerable to CVE-2020-14315, Mark H Weaver, 2021/03/14

Prev by Date: Re: Release on April 18th? (ppc64le support specifically)
Next by Date: Re: 05/07: inferior: Fix concurrent cached-profile calls.
Previous by thread: security patching of 'patch' package
Next by thread: Re: bsdiff package vulnerable to CVE-2020-14315
Index(es):
- Date
- Thread