128 lines
4.6 KiB
Text
128 lines
4.6 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-SA-16:23.libarchive Security Advisory
|
|
The FreeBSD Project
|
|
|
|
Topic: Buffer overflow in libarchive(3)
|
|
|
|
Category: contrib
|
|
Module: libarchive
|
|
Announced: 2016-05-31
|
|
Affects: FreeBSD 9.3
|
|
Corrected: 2016-05-21 09:27:30 UTC (stable/9, 9.3-STABLE)
|
|
2016-05-31 16:23:56 UTC (releng/9.3, 9.3-RELEASE-p43)
|
|
CVE Name: CVE-2013-0211
|
|
|
|
For general information regarding FreeBSD Security Advisories,
|
|
including descriptions of the fields above, security branches, and the
|
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
The libarchive(3) library provides a flexible interface for reading and
|
|
writing streaming archive files such as tar and cpio, and has been the
|
|
basis for FreeBSD's implementation of the tar(1) and cpio(1) utilities
|
|
since FreeBSD 5.3.
|
|
|
|
II. Problem Description
|
|
|
|
An integer signedness error in the archive_write_zip_data() function in
|
|
archive_write_set_format_zip.c in libarchive(2) could lead to a buffer
|
|
overflow on 64-bit machines.
|
|
|
|
III. Impact
|
|
|
|
An attacker who can provide input of their choice for creating a ZIP archive
|
|
can cause a buffer overflow in libarchive(2) that results in a core dump or
|
|
possibly execution of arbitrary code provided by the attacker.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available but 32-bit systems are not vulnerable.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your vulnerable system to a supported FreeBSD stable or
|
|
release / security branch (releng) dated after the correction date.
|
|
|
|
Reboot is not required.
|
|
|
|
2) To update your vulnerable system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
A reboot is not required.
|
|
|
|
3) To update your vulnerable system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/SA-16:23/libarchive.patch
|
|
# fetch https://security.FreeBSD.org/patches/SA-16:23/libarchive.patch.asc
|
|
# gpg --verify libarchive.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Restart the applicable daemons, or reboot the system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/9/ r300363
|
|
releng/9.3/ r301044
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:23.libarchive.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIcBAEBCgAGBQJXTcSUAAoJEO1n7NZdz2rnjuwP/36GShkMxVtvEF3LeZCtT1bT
|
|
J0TSoXWpOo8rW61W0VEQ8xxOupIUwpDC2zwvgg0ZuPPbUY1nKYGrql8hixzmyg7n
|
|
Da7krIxv7guTrpIWumEztS7JAVjZWEW+SfwiXZ7OY+3KHSLcGh5E0MpEvWDy+Ysa
|
|
5/fjyaxYV2jHCaXwqNpCHv9ahS3Ca4VMr37E2H+3efdbSzkfUz17nReNjBtk8P76
|
|
5teuC/PZ0aXIToOBuP039NPy7Cw42AsgAnEDLayEMIuuq/u4JVmDUONcnjfQ4occ
|
|
tlCl3tNmk8LR9kotcvkg+7ZDOZ6zq4NHkcpjek8GPqScV2EgY0wixf4Eo2hD4P4x
|
|
NDo4pkzt5L+6mkJoSc/6zBYiVGLAqGBMDqsaemqBL/aTLH6+W+Bulvr9prfB2EIN
|
|
EBWfO4zkA3tKAPAZIpCQRzG2FScOjNeH49hy+ISTUWYcWDtNrpYIJdhX+XtsuZIt
|
|
Swd++AYcvnDJGX8bTPRb8nOlBWqAAscuIJsvyqyRVahmKrG2USECmhvaIN6jPbVq
|
|
8dScr0yO0ixzUpnkEMV8GW8kstC5mwCihJ4MG5qDtsWGYybH93N22eHZyOlCqa9J
|
|
d+V8OzEiVEtGtdDqbThDW3FfuimAm6aShTLxATeJTGbc+mQEdUMjjgAmrvCZxcEZ
|
|
URXCjA5XayDc0iZySd4r
|
|
=XTv8
|
|
-----END PGP SIGNATURE-----
|