Bug 1527296 (CVE-2018-5345)

Summary: CVE-2018-5345 gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: carnil, fidencio, marcandre.lureau, m, negativo17, rhughes, scorneli, sparks
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: gcab 1.0
Last Closed: 2018-03-19 14:29:13 UTC
Bug Depends On: 1528141, 1529602, 1533173, 1533174    
Bug Blocks: 1527298    

Description Sam Fowler 2017-12-19 07:02:13 UTC
Versions of gcab <= 7.4 are vulnerable to a stack-based buffer overflow when extracting maliciously constructed .cab files. An attacker could potentially exploit this to execute arbitrary code.

Original bug: 
https://bugzilla.redhat.com/show_bug.cgi?id=1527062

Comment 1 Richard Hughes 2017-12-20 12:03:42 UTC
Upstream would like to make a new release before the holidays, but obviously would like to include the fix with the new tarball. Can we get some guidance on what we should do? Thanks.

Comment 2 Sam Fowler 2017-12-21 04:56:58 UTC
Created gcab tracking bugs for this issue:

Affects: fedora-all [bug 1528141]

Comment 6 Salvatore Bonaccorso 2018-01-12 07:57:56 UTC
Hi Sam Fowler, hi Richard,

Would it be possible to open up the original bug report? This has restricted access and there is no reference to either upstream commit fixing the issue or an upstream bug.

Is this bug about https://git.gnome.org/browse/gcab/commit/?id=c512f6ff0c82a1139b36db2b28f93edc01c74b4b ?

Regards,
Salvatore

Comment 11 errata-xmlrpc 2018-02-26 19:05:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0350 https://access.redhat.com/errata/RHSA-2018:0350