From d4bf4758cdd15688b845fa38f27ee28e2cc4c6a6 Mon Sep 17 00:00:00 2001 From: Lukas Javorsky Date: Tue, 28 May 2024 08:27:08 +0000 Subject: [PATCH] Fix OOB in rar e8 filter (CVE-2024-26256) Resolves: RHEL-37925 --- 0003-fix-OOB-in-rar-e8-filter.patch | 25 +++++++++++++++++++++++++ libarchive.spec | 9 ++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 0003-fix-OOB-in-rar-e8-filter.patch diff --git a/0003-fix-OOB-in-rar-e8-filter.patch b/0003-fix-OOB-in-rar-e8-filter.patch new file mode 100644 index 0000000..19204ee --- /dev/null +++ b/0003-fix-OOB-in-rar-e8-filter.patch @@ -0,0 +1,25 @@ +From 2910a5736c3f238d2cde6cc757b01868d877ebcb Mon Sep 17 00:00:00 2001 +From: Wei-Cheng Pan +Date: Sun, 21 Apr 2024 19:11:42 +0900 +Subject: [PATCH] fix: OOB in rar e8 filter + +--- + libarchive/archive_read_support_format_rar.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index 99a11d17..266d0ee9 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -3615,7 +3615,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz + uint32_t filesize = 0x1000000; + uint32_t i; + +- if (length > PROGRAM_WORK_SIZE || length < 4) ++ if (length > PROGRAM_WORK_SIZE || length <= 4) + return 0; + + for (i = 0; i <= length - 5; i++) +-- +2.45.1 + diff --git a/libarchive.spec b/libarchive.spec index ab22759..fdc788d 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -2,7 +2,7 @@ Name: libarchive Version: 3.7.2 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A library for handling streaming archive formats # Licenses: @@ -48,6 +48,10 @@ Patch0001: 0001-Drop-rmd160-from-OpenSSL.patch # Fixes the broken 32-bit builds (i686 arch) due to "Allocation error : not enough memory" Patch0002: 0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch +# Upstream patch: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237 +# Fixes Heap based buffer overflow in rar e8 filter (CVE-2024-26256) +Patch0003: 0003-fix-OOB-in-rar-e8-filter.patch + %description Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio @@ -245,6 +249,9 @@ run_testsuite %changelog +* Mon May 27 2024 Lukas Javorsky - 3.7.2-5 +- Fix for CVE-2024-26256 + * Tue May 14 2024 Lukas Javorsky - 3.7.2-4 - Add forgotten licenses and migrate them to SPDX format