Bug 1132282
Summary: | CVE-2014-4607 dump: lzo: lzo1x_decompress_safe() integer overflow [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Murray McAllister <mmcallis> |
Component: | dump | Assignee: | Petr Hracek <phracek> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 20 | CC: | phracek |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | dump-0.4-0.24.b44.fc20 | Doc Type: | Release Note |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-25 13:29:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1112418 |
Description
Murray McAllister
2014-08-21 04:05:35 UTC
Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # testing, stable request=testing # Bug numbers: 1234,9876 bugs=1112418,1132282 # Description of your update notes=Security fix for CVE-2014-4607 # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi update submission link instead: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1112418,1132282 Hi Huzaifa, is this bug still valid? Parent bug was closed as NOTABUG. What is current status? If parent bug is closed as NOTABUG that child bug will be close as NOTABUG too. Hi Petr, It is closed ERRATA not NOTABUG (unless I'm looking at the wrong bug). Would it be possible for dump to be built with/against the system lzo libraries, rather than a bundle copy (https://bugzilla.redhat.com/show_bug.cgi?id=1112418#c29)? That would be one way to resolve this issue. That said, I am not familiar with how the lzo business is used in dump, perhaps it is not really exposed or low enough risk to ignore in dump. Well, in dump I have removed lzo from source code and replace them with liblzo and libminilzo from system. After checking dump and restore binaries lzo libraries are taken from system: $ ldd dump linux-vdso.so.1 => (0x00007fffcf9fe000) libext2fs.so.2 => /lib64/libext2fs.so.2 (0x00007f5f2e7a3000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f5f2e59f000) libz.so.1 => /lib64/libz.so.1 (0x00007f5f2e388000) libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f5f2e178000) libminilzo.so.0 => /lib64/libminilzo.so.0 (0x00007f5f2df74000) libc.so.6 => /lib64/libc.so.6 (0x00007f5f2dbb6000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5f2d99a000) /lib64/ld-linux-x86-64.so.2 (0x00007f5f2ea05000) $ ldd restore linux-vdso.so.1 => (0x00007fff2b37f000) libext2fs.so.2 => /lib64/libext2fs.so.2 (0x00007faca62b2000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007faca60ae000) libe2p.so.2 => /lib64/libe2p.so.2 (0x00007faca5ea5000) libreadline.so.6 => /lib64/libreadline.so.6 (0x00007faca5c5b000) libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007faca5a31000) libz.so.1 => /lib64/libz.so.1 (0x00007faca581a000) libbz2.so.1 => /lib64/libbz2.so.1 (0x00007faca560a000) libminilzo.so.0 => /lib64/libminilzo.so.0 (0x00007faca5406000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007faca51e0000) libc.so.6 => /lib64/libc.so.6 (0x00007faca4e23000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007faca4c07000) /lib64/ld-linux-x86-64.so.2 (0x00007faca6514000) libpcre.so.1 => /lib64/libpcre.so.1 (0x00007faca4999000) liblzma.so.5 => /lib64/liblzma.so.5 (0x00007faca4774000) libdl.so.2 => /lib64/libdl.so.2 (0x00007faca4570000) Please test the package whether all works fine. scm-commits for this bugzilla are: rawhide - https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20150119/1491358.html F21 - https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20150119/1491529.html F20 - https://lists.fedoraproject.org/pipermail/scm-commits/Week-of-Mon-20150119/1491563.html dump-0.4-0.24.b44.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/dump-0.4-0.24.b44.fc20 dump-0.4-0.24.b44.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/dump-0.4-0.24.b44.fc21 dump-0.4-0.24.b44.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. dump-0.4-0.24.b44.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |