[Bug 1011137] New: VUL-0: libdwarf: negation overflow in dwarf_leb.c
http://bugzilla.suse.com/show_bug.cgi?id=1011137

Bug ID: 1011137
Summary: VUL-0: libdwarf: negation overflow in dwarf_leb.c
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Reference: http://seclists.org/oss-sec/2016/q4/471

===================================================
Description:
libdwarf is a library to consume and produce DWARF debug information.

A fuzz with the Undefined Behavior Sanitizer shows a negation that cannot be represented as long long.

The complete UBSan output:

# dwarfdump $FILE
dwarf_leb.c:306:19: runtime error: negation of -9223372036854775808 cannot be represented in type 'Dwarf_Signed' (aka 'long long'); cast to an unsigned type to negate this value to itself

Affected version:
20161021

Fixed version:
N/A

Commit fix:
https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec...

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00050-libdwarf-negate-itself

Timeline:
2016-11-11: bug discovered and reported to upstream
2016-11-11: upstream released a patch
2016-11-19: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_...

--
Agostino Sarubbo
Gentoo Linux Developer
===================================================

By the way, https://software.opensuse.org/package/libdwarf : libdwarf is in official repo for 42.1 and TW and not for 42.2. What's the logic here?

--
You are receiving this mail because:
You are on the CC list for the bug.
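The condition UBSan reports in the advisory above (negating -9223372036854775808 in a signed 64-bit type) next to two defined alternatives, as an added C example that is not libdwarf's code or its upstream fix. The names checked_negate, magnitude and decode_sleb128 are hypothetical, and the SLEB_MIN bytes are a constructed input.

```c
#include <limits.h>
#include <stddef.h>

/* Constructed sample: signed LEB128 encoding of LLONG_MIN (-2^63). */
static const unsigned char SLEB_MIN[10] = {
    0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x7f };

/* Signed negation that refuses the one unrepresentable case. */
int checked_negate(long long v, long long *out)
{
    if (v == LLONG_MIN) return -1;  /* -LLONG_MIN does not fit in long long */
    *out = -v;
    return 0;
}

/* Absolute value in unsigned arithmetic, where wraparound is defined. */
unsigned long long magnitude(long long v)
{
    unsigned long long u = (unsigned long long)v;
    return v < 0 ? 0ULL - u : u;
}

/* Hypothetical decoder (not libdwarf's): builds the value in an unsigned
   accumulator and sign-extends it, so no signed negation is ever needed.
   Returns bytes consumed, or 0 on truncated or over-long input. */
size_t decode_sleb128(const unsigned char *p, size_t len, long long *out)
{
    unsigned long long acc = 0;
    unsigned shift = 0;
    size_t i = 0;
    unsigned char b;
    do {
        if (i == len || shift >= 64) return 0;
        b = p[i++];
        acc |= (unsigned long long)(b & 0x7f) << shift;
        shift += 7;
    } while (b & 0x80);
    if (shift < 64 && (b & 0x40))
        acc |= ~0ULL << shift;      /* sign-extend from the last payload bit */
    *out = acc <= LLONG_MAX ? (long long)acc : -(long long)~acc - 1;
    return i;
}

int main(void)
{
    long long v = 0;
    size_t n = decode_sleb128(SLEB_MIN, sizeof SLEB_MIN, &v);
    return (n == 10 && checked_negate(v, &v) == -1) ? 0 : 1;
}
```

Building this with -fsanitize=undefined and replacing the guard in checked_negate with a bare `-v` reproduces the class of diagnostic quoted in the report.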
http://bugzilla.suse.com/show_bug.cgi?id=1011137
http://bugzilla.suse.com/show_bug.cgi?id=1011137#c1

Swamp Workflow Management <swamp@suse.de> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Priority  |P5 - None                   |P3 - Medium

--- Comment #1 from Swamp Workflow Management <swamp@suse.de> ---
bugbot adjusting priority
http://bugzilla.suse.com/show_bug.cgi?id=1011137

Alexander Bergmann <abergmann@suse.com> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
CC        |                            |abergmann@suse.com
Summary   |VUL-0: CVE-2016-9558:       |VUL-1: CVE-2016-9558:
          |libdwarf: negation overflow |libdwarf: negation overflow
          |in dwarf_leb.c              |in dwarf_leb.c
Severity  |Normal                      |Minor
http://bugzilla.suse.com/show_bug.cgi?id=1011137
http://bugzilla.suse.com/show_bug.cgi?id=1011137#c2

Alexander Bergmann <abergmann@suse.com> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Assignee  |security-team@suse.de       |matz@suse.com

--- Comment #2 from Alexander Bergmann <abergmann@suse.com> ---
It's a good question why libdwarf didn't show up at software.opensuse.org, because it's also part of 42.2.

http://download.opensuse.org/distribution/leap/42.2/repo/oss/suse/x86_64/

I'll check if this is currently a general problem.
http://bugzilla.suse.com/show_bug.cgi?id=1011137
http://bugzilla.suse.com/show_bug.cgi?id=1011137#c3

--- Comment #3 from Mikhail Kasimov <mikhail.kasimov@gmail.com> ---
(In reply to Alexander Bergmann from comment #2)
> It's a good question why libdwarf didn't show up at software.opensuse.org, because it's also part of 42.2.
> http://download.opensuse.org/distribution/leap/42.2/repo/oss/suse/x86_64/
> I'll check if this is currently a general problem.

General: boo#1011485
http://bugzilla.suse.com/show_bug.cgi?id=1011137

Andreas Hasenkopf <ahasenkopf@suse.com> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Whiteboard| maint:planned:update       |CVSSv2:RedHat:CVE-2016-9558
          |CVSSv2:NVD:CVE-2016-9558:7. |:4.3:(AV:N/AC:M/Au:N/C:N/I:
          |5:(AV:N/AC:L/Au:N/C:P/I:P/A |N/A:P)
          |:P)                         |CVSSv3:NVD:CVE-2016-9558:9.
          |CVSSv3:NVD:CVE-2016-9558:9. |8:(AV:N/AC:L/PR:N/UI:N/S:U/
          |8:(AV:N/AC:L/PR:N/UI:N/S:U/ |C:H/I:H/A:H)
          |C:H/I:H/A:H)                |CVSSv2:NVD:CVE-2016-9558:7.
          |CVSSv3:RedHat:CVE-2016-9558 |5:(AV:N/AC:L/Au:N/C:P/I:P/A
          |:3.3:(AV:L/AC:L/PR:N/UI:R/S |:P)
          |:U/C:N/I:N/A:L)             |CVSSv3:RedHat:CVE-2016-9558
          |CVSSv2:RedHat:CVE-2016-9558 |:3.3:(AV:L/AC:L/PR:N/UI:R/S
          |:4.3:(AV:N/AC:M/Au:N/C:N/I: |:U/C:N/I:N/A:L)
          |N/A:P)                      |
http://bugzilla.suse.com/show_bug.cgi?id=1011137

Swamp Workflow Management <swamp@suse.de> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Whiteboard|CVSSv2:RedHat:CVE-2016-9558 |CVSSv2:RedHat:CVE-2016-9558
          |:4.3:(AV:N/AC:M/Au:N/C:N/I: |:4.3:(AV:N/AC:M/Au:N/C:N/I:
          |N/A:P)                      |N/A:P)
          |CVSSv3:NVD:CVE-2016-9558:9. |CVSSv3:NVD:CVE-2016-9558:9.
          |8:(AV:N/AC:L/PR:N/UI:N/S:U/ |8:(AV:N/AC:L/PR:N/UI:N/S:U/
          |C:H/I:H/A:H)                |C:H/I:H/A:H)
          |CVSSv2:NVD:CVE-2016-9558:7. |CVSSv2:NVD:CVE-2016-9558:7.
          |5:(AV:N/AC:L/Au:N/C:P/I:P/A |5:(AV:N/AC:L/Au:N/C:P/I:P/A
          |:P)                         |:P)
          |CVSSv3:RedHat:CVE-2016-9558 |CVSSv3:RedHat:CVE-2016-9558
          |:3.3:(AV:L/AC:L/PR:N/UI:R/S |:3.3:(AV:L/AC:L/PR:N/UI:R/S
          |:U/C:N/I:N/A:L)             |:U/C:N/I:N/A:L)
          |                            |maint:planned:update