]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 262ee4d) | patch
tar: Update fix for CVE-2022-48303 to upstream version
authorJoe Slater <joe.slater@windriver.com>
Fri, 17 Feb 2023 23:01:22 +0000 (15:01 -0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sun, 19 Feb 2023 07:47:40 +0000 (07:47 +0000)
commit0043c9d3f7b65a0cbb0a27c37b4825b8f5511dec
tree60c9317e3f16f407e74f2a351db63a163cc70839tree | snapshot
parent262ee4d12fd82f1722b0ac859d95fdfd7640cb95commit | diff
tar: Update fix for CVE-2022-48303 to upstream version

Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303

Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8

Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/tar/files/CVE-2022-48303.patch [deleted file] blob | blame | history
meta/recipes-extended/tar/tar/CVE-2022-48303.patch [new file with mode: 0644] blob
meta/recipes-extended/tar/tar_1.34.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core