Bug 1360201 (CVE-2014-9862)

Summary: CVE-2014-9862 bsdiff: Improper checking of input allows arbitrary write on heap
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: carnil, novyjindrich
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-26 08:47:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1360202, 1360203    
Bug Blocks:    

Description Adam Mariš 2016-07-26 08:46:18 UTC 
The implementation of bspatch does not check for a negative value on numbers of bytes read from the diff and extra streams, allowing an attacker who can control the patch file to write at arbitrary locations in the heap.

Public via:

http://seclists.org/bugtraq/2016/Jul/122
Comment 1 Adam Mariš 2016-07-26 08:46:40 UTC 
Created bsdiff tracking bugs for this issue:

Affects: fedora-all [bug 1360202]
Affects: epel-all [bug 1360203]