diff options
author | Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com> | 2023-03-06 16:34:38 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-03-14 14:59:10 +0000 |
commit | aa673e1427e7c31d1c3e0ed35abffb09233bff0a (patch) | |
tree | 54f914949fea384e41a5525e447c7cf15eb2a236 /meta/recipes-extended/tar/tar_1.32.bb | |
parent | 770bb4a64a7862385420bd7e4aa4112d53951218 (diff) | |
download | poky-aa673e1427e7c31d1c3e0ed35abffb09233bff0a.tar.gz |
tar: CVE-2022-48303
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
(From OE-Core rev: 231360a55bf1b96d6bb1cf94820b08788677c58b)
(From OE-Core rev: af77a413db59863a898c32dc7536b680473ae9c5)
Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a00f15354084cee6b2183fcdbfdfc7826c365da)
Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/tar/tar_1.32.bb')
-rw-r--r-- | meta/recipes-extended/tar/tar_1.32.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar_1.32.bb b/meta/recipes-extended/tar/tar_1.32.bb index db1540dbd6..1246f01256 100644 --- a/meta/recipes-extended/tar/tar_1.32.bb +++ b/meta/recipes-extended/tar/tar_1.32.bb | |||
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" | |||
9 | SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ | 9 | SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ |
10 | file://musl_dirent.patch \ | 10 | file://musl_dirent.patch \ |
11 | file://CVE-2021-20193.patch \ | 11 | file://CVE-2021-20193.patch \ |
12 | file://CVE-2022-48303.patch \ | ||
12 | " | 13 | " |
13 | 14 | ||
14 | SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" | 15 | SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" |