Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Dear Release Team,
I would like to propose the following changes to the dwarfutils
package in stretch:
* Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and
CVE-2017-9055 (Closes: #864064).
* Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
* Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
* Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998
(Closes: #866968).
This update would fix all currently known vulnerabilities in the
dwarfutils package in stretch. All changes have been cherry-picked
from the upstream development repository, and all of them are already
in unstable.
I have attached the debdiff that I would like to apply to the current
version in stable.
Thank you!
Kind regards,
Fabian
diff -Nru dwarfutils-20161124/debian/changelog dwarfutils-20161124/debian/changelog
--- dwarfutils-20161124/debian/changelog 2016-11-25 14:23:27.000000000 +0100
+++ dwarfutils-20161124/debian/changelog 2017-07-11 15:33:51.000000000 +0200
@@ -1,3 +1,14 @@
+dwarfutils (20161124-1+deb9u1) stable; urgency=medium
+
+ * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and
+ CVE-2017-9055 (Closes: #864064).
+ * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
+ * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
+ * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998
+ (Closes: #866968).
+
+ -- Fabian Wolff <fabi.wolff@arcor.de> Tue, 11 Jul 2017 15:33:51 +0200
+
dwarfutils (20161124-1) unstable; urgency=medium
* New upstream release.
diff -Nru dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch
--- dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch 2017-07-11 15:33:51.000000000 +0200
@@ -0,0 +1,31 @@
+Description: Fix CVE-2017-9052 and CVE-2017-9055
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-006
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_form.c
++++ b/libdwarf/dwarf_form.c
+@@ -934,6 +934,10 @@
+ switch (attr->ar_attribute_form) {
+
+ case DW_FORM_data1:
++ if (attr->ar_debug_ptr >= section_end) {
++ _dwarf_error(dbg, error, DW_DLE_DIE_BAD);
++ return DW_DLV_ERROR;
++ }
+ *return_sval = (*(Dwarf_Sbyte *) attr->ar_debug_ptr);
+ return DW_DLV_OK;
+
+--- a/libdwarf/dwarf_query.c
++++ b/libdwarf/dwarf_query.c
+@@ -377,7 +377,7 @@
+ }
+ if (_dwarf_reference_outside_section(die,
+ (Dwarf_Small*) info_ptr,
+- (Dwarf_Small*) info_ptr)) {
++ ((Dwarf_Small*) info_ptr)+1)) {
+ _dwarf_error(dbg, error,DW_DLE_ATTR_OUTSIDE_SECTION);
+ return DW_DLV_ERROR;
+ }
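Review bot: In the dwarf_query.c change the fix is the bare `+1` on the end argument of `_dwarf_reference_outside_section`, and nothing beside it says why the range must be non-empty. With start and end both `info_ptr`, the old call presumably accepted a pointer sitting exactly at the section end, so a comment such as `/* end is start + 1: the byte at info_ptr itself must be inside the section */` would keep a later tidy-up from undoing it. The DEP-3 Description names CVE-2017-9052 and CVE-2017-9055 without saying which of the two files addresses which; one line there would help anyone carrying only part of this backport. In dwarf_form.c only the `DW_FORM_data1` case is visible, so whether the wider forms in the same switch are bounds-checked before their reads cannot be confirmed from this hunk.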
diff -Nru dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch
--- dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch 2017-07-11 15:33:51.000000000 +0200
@@ -0,0 +1,86 @@
+Description: Fix CVE-2017-9053
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-005
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_loc.c
++++ b/libdwarf/dwarf_loc.c
+@@ -237,6 +237,10 @@
+ break;
+
+ case DW_OP_const1u:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -247,6 +251,10 @@
+ break;
+
+ case DW_OP_const1s:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Sbyte *) loc_ptr;
+ SIGN_EXTEND(operand1,1);
+ loc_ptr = loc_ptr + 1;
+@@ -372,6 +380,10 @@
+ break;
+
+ case DW_OP_pick:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -388,6 +400,10 @@
+ break;
+
+ case DW_OP_deref_size:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -401,6 +417,10 @@
+ break;
+
+ case DW_OP_xderef_type: /* DWARF5 */
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -415,6 +435,10 @@
+ break;
+
+ case DW_OP_xderef_size:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -520,6 +544,10 @@
+ break;
+ case DW_OP_deref_type: /* DWARF5 */
+ case DW_OP_GNU_deref_type: /* 0xf6 */
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
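Review bot: Each new `loc_ptr >= section_end` guard makes the existing `if (loc_ptr > section_end)` after the increment (where the context shows it) unreachable, because a pointer strictly below the end is at most equal to it after `loc_ptr + 1`. That leaves two checks per case with different meanings and no comment telling them apart. I would mark the new one with `/* one operand byte must remain before the read */` and note on the later test that it is kept only to stay identical to upstream. The same four lines are repeated for `DW_OP_const1u`, `DW_OP_const1s`, `DW_OP_pick`, `DW_OP_deref_size`, `DW_OP_xderef_type`, `DW_OP_xderef_size` and `DW_OP_deref_type`, which a small checking macro would collapse. Opcodes with multi-byte operands are not in these hunks and the enclosing function lies outside the visible lines, so their reads need to be confirmed as guarded separately.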
diff -Nru dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch
--- dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch 2017-07-11 15:33:51.000000000 +0200
@@ -0,0 +1,23 @@
+Description: Fix CVE-2017-9054
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-002
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_leb.c
++++ b/libdwarf/dwarf_leb.c
+@@ -301,11 +301,11 @@
+ break;
+ }
+ ++leb128;
+- byte = *leb128;
+- byte_length++;
+ if (leb128 >= endptr) {
+ return DW_DLV_ERROR;
+ }
++ byte = *leb128;
++ byte_length++;
+ if (byte_length > BYTESLEBMAX) {
+ /* Erroneous input. */
+ if (leb128_length) {
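Review bot: The reordering protects only the bytes fetched after `++leb128` inside the loop. The first `byte` is presumably read before the visible lines, so this hunk does not show that `leb128 < endptr` holds on entry. It is worth confirming in the surrounding function, which starts and ends outside the hunk, that an empty range (`leb128 == endptr`) is rejected before that initial dereference. A comment on the moved lines, e.g. `/* bounds check must precede the dereference: leb128 may equal endptr here */`, would record why the order matters.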
diff -Nru dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch
--- dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch 2017-07-11 15:33:51.000000000 +0200
@@ -0,0 +1,41 @@
+Description: Fix CVE-2017-9998
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/e91681e8841291f57386f26a90897fd1dcf92a6e/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201706-001
+Bug-Debian: https://bugs.debian.org/866968
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_query.c
++++ b/libdwarf/dwarf_query.c
+@@ -524,11 +524,17 @@
+ if (res != DW_DLV_OK) {
+ return res;
+ }
+- if ((info_ptr + value_size) > die_info_end) {
+- /* Something badly wrong. We point past end
+- of debug_info or debug_types . */
+- _dwarf_error(dbg,error,DW_DLE_DIE_ABBREV_BAD);
+- return DW_DLV_ERROR;
++ {
++ /* ptrdiff_t is signed type, so use DW signed type */
++ Dwarf_Signed len = die_info_end - info_ptr;
++ if (len < 0 || (value_size > ((Dwarf_Unsigned)len))) {
++ /* Something badly wrong. We point past end
++ of debug_info or debug_types or a
++ section is unreasonably sized or we are
++ pointing to two different sections? */
++ _dwarf_error(dbg,error,DW_DLE_DIE_ABBREV_BAD);
++ return DW_DLV_ERROR;
++ }
+ }
+ info_ptr+= value_size;
+ } while (curr_attr != 0 || curr_attr_form != 0);
+@@ -679,7 +685,7 @@
+ but with a base. */
+ sectionsize = dbg->de_debug_addr.dss_size;
+ sectionend = sectionstart + sectionsize;
+- if ((addr_offset + context->cc_address_size) > sectionsize) {
++ if (addr_offset > (sectionsize - context->cc_address_size)) {
+ _dwarf_error(dbg, error, DW_DLE_ATTR_FORM_SIZE_BAD);
+ return (DW_DLV_ERROR);
+ }
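Review bot: The rewritten `.debug_addr` check `addr_offset > (sectionsize - context->cc_address_size)` trades the addition overflow for a possible subtraction wrap. If `sectionsize` is unsigned and smaller than `cc_address_size` (an empty or truncated section), the right-hand side becomes a very large value and the test passes. The declarations are outside the hunk, so the unsigned type is inferred from `dss_size`. If that holds, the guard should read `if (sectionsize < context->cc_address_size || addr_offset > (sectionsize - context->cc_address_size)) {`. The first change in this patch already covers its own negative case with `len < 0`, so only this second check needs the extra term.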
diff -Nru dwarfutils-20161124/debian/patches/series dwarfutils-20161124/debian/patches/series
--- dwarfutils-20161124/debian/patches/series 2016-10-28 11:18:37.000000000 +0200
+++ dwarfutils-20161124/debian/patches/series 2017-07-11 15:33:51.000000000 +0200
@@ -1 +1,5 @@
01-fix-makefile.patch
+02-fix-CVE-2017-9052.patch
+03-fix-CVE-2017-9053.patch
+04-fix-CVE-2017-9054.patch
+05-fix-CVE-2017-9998.patch