All of lore.kernel.org
 help / color / mirror / Atom feed
From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org, akuster808@gmail.com
Cc: Armin Kuster <akuster@mvista.com>
Subject: [master][PATCH] 4/5] python2: Security fix CVE-2016-5636
Date: Sat, 16 Jul 2016 16:04:14 -0700	[thread overview]
Message-ID: <1468710255-5030-4-git-send-email-akuster808@gmail.com> (raw)
In-Reply-To: <1468710255-5030-1-git-send-email-akuster808@gmail.com>

From: Armin Kuster <akuster@mvista.com>

Affects python2 < 2.7.11
Base score (4.4) Medium

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 .../python/python/CVE-2016-5636.patch              | 44 ++++++++++++++++++++++
 meta/recipes-devtools/python/python_2.7.11.bb      |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python/CVE-2016-5636.patch

diff --git a/meta/recipes-devtools/python/python/CVE-2016-5636.patch b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
new file mode 100644
index 0000000..9a37471
--- /dev/null
+++ b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
@@ -0,0 +1,44 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1453357424 28800
+# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d
+# Parent  7ec954b9fc54448a35b56d271340ba109eb381b9
+prevent buffer overflow in get_data (closes #26171)
+
+Upstream-Status: Backport
+https://hg.python.org/cpython/rev/985fc64c60d6
+
+CVE: CVE-2016-5636
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: Python-2.7.11/Misc/NEWS
+===================================================================
+--- Python-2.7.11.orig/Misc/NEWS
++++ Python-2.7.11/Misc/NEWS
+@@ -7,6 +7,9 @@ What's New in Python 2.7.11?
+ 
+ *Release date: 2015-12-05*
+ 
++- Issue #26171: Fix possible integer overflow and heap corruption in
++  zipimporter.get_data().
++
+ Library
+ -------
+ 
+Index: Python-2.7.11/Modules/zipimport.c
+===================================================================
+--- Python-2.7.11.orig/Modules/zipimport.c
++++ Python-2.7.11/Modules/zipimport.c
+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
+                                           data_size : data_size + 1);
+     if (raw_data == NULL) {
diff --git a/meta/recipes-devtools/python/python_2.7.11.bb b/meta/recipes-devtools/python/python_2.7.11.bb
index 7eced2d..1e4a30d 100644
--- a/meta/recipes-devtools/python/python_2.7.11.bb
+++ b/meta/recipes-devtools/python/python_2.7.11.bb
@@ -27,6 +27,7 @@ SRC_URI += "\
   file://use_sysroot_ncurses_instead_of_host.patch \
   file://avoid_parallel_make_races_on_pgen.patch \
   file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
+  file://CVE-2016-5636.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
-- 
2.3.5



  parent reply	other threads:[~2016-07-16 23:04 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-16 23:04 [master][PATCH] 1/5] openssl: Security fix CVE-2016-2177 Armin Kuster
2016-07-16 23:04 ` [master][PATCH] 2/5] openssl: Security fix CVE-2016-2178 Armin Kuster
2016-07-16 23:04 ` [master][PATCH] 3/5] bzip2: Security fix CVE-2016-3189 Armin Kuster
2016-08-08 12:41   ` Alexander Kanavin
2016-07-16 23:04 ` Armin Kuster [this message]
2016-07-16 23:04 ` [master][PATCH] 5/5] python3: Security fix CVE-2016-5636 Armin Kuster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1468710255-5030-4-git-send-email-akuster808@gmail.com \
    --to=akuster808@gmail.com \
    --cc=akuster@mvista.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.