Bug 842460 (CVE-2012-4025)
| Summary: | CVE-2012-4025 squashfs-tools: integer overflow in queue_init() may lead to abitrary code execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bruno, peterm, phillip.lougher, plougher, tcallawa |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:58:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 847270 | ||
| Bug Blocks: | 842461 | ||
|
Description
Vincent Danen
2012-07-23 22:29:57 UTC
I'll keep an eye out for patches for this. Based on the discussion on the source forge list, I don't think anything is likely to happen soon. Phillip considers the two recent bugs to be relatively minor (I think that assessment is correct), he doesn't have a lot of time right now and the reporter has irked him. There appear to be fixes to check for other kinds of corruption queued up that may also cause similar issues. I have been keeping an eye out for a 4.3 release, as I am not sure what shape Phillip considers the current trunk to be in. If people think this really warrants a relatively rapid response I can look into seeing if I can find or make fixes? RHEL5 is not affected, as it does not support parallel processing and does not use queues. Created squashfs-tools tracking bugs for this issue Affects: fedora-all [bug 847270] Statement: This issue did not affect the versions of squashfs-tools as shipped with Red Hat Enterprise Linux 5 as they did not include support for parallel processing and do not make use of queues. There is an upstream commit for this. I am looking at backporting it now. http://squashfs.git.sourceforge.net/git/gitweb.cgi?p=squashfs/squashfs;a=commit;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e I have updates for rawhide, f16, f17 and f18. squashfs-tools-4.2-5.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. squashfs-tools-4.2-5.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. squashfs-tools-4.2-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Note that squashfs tools 4.3 is due out in a few weeks and will have fixes for a number of potential issues with handling bad data. Please don't close SRT bugs; this needs to remain open for RHEL6 where it is deferred. Should I have closed 847270 now that all of the Fedora instances have fixes? Yeah, closing the Fedora bug would be good. Thanks. |