Bug 198954 - [archivers/gcpio][security] Multiple Vulnerabilities
Summary: [archivers/gcpio][security] Multiple Vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Christian Weisgerber
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-27 19:20 UTC by Sevan Janiyan
Modified: 2015-03-31 14:40 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (naddy)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2015-03-27 19:20:57 UTC
CVE-2014-9112 CVE-2015-1197
Comment 1 commit-hook freebsd_committer 2015-03-31 14:29:58 UTC
A commit references this bug:

Author: naddy
Date: Tue Mar 31 14:29:31 UTC 2015
New revision: 382823
URL: https://svnweb.freebsd.org/changeset/ports/382823

Log:
  CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
  function allows remote attackers to cause a denial of service via
  a large block value in a cpio archive.
  Fix from a series of upstream commits by Sergey Poznyakoff.

  CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
  allows local users to write to arbitrary files via a symlink attack
  on a file in an archive.
  Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
  bug tracker.

  PR:		198954
  Obtained from:	Debian

Changes:
  head/archivers/gcpio/Makefile
  head/archivers/gcpio/files/patch-doc_Makefile.in
  head/archivers/gcpio/files/patch-doc_cpio.1
  head/archivers/gcpio/files/patch-gnu_Makefile.in
  head/archivers/gcpio/files/patch-src_copyin.c
  head/archivers/gcpio/files/patch-src_extern.h
  head/archivers/gcpio/files/patch-src_filetypes.h
  head/archivers/gcpio/files/patch-src_global.c
  head/archivers/gcpio/files/patch-src_main.c
  head/archivers/gcpio/files/patch-src_util.c