Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

squashfs-tools: CVE-2015-4646

Related Vulnerabilities: CVE-2015-4646   CVE-2015-4645  

Source

Debian Bug report logs - #793468
squashfs-tools: CVE-2015-4646

version graph

Package: src:squashfs-tools; Maintainer for src:squashfs-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>;

Reported by: Romeo Papa <romeopapa@caramail.com>

Date: Fri, 24 Jul 2015 10:15:01 UTC

Severity: normal

Tags: patch, security, upstream

Found in version squashfs-tools/1:4.2+20130409-2

Fixed in version squashfs-tools/1:4.3-2

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Filesystems Group <filesystems-devel@lists.alioth.debian.org>:
Bug#793468; Package src:squashfs-tools. (Fri, 24 Jul 2015 10:15:05 GMT) (full text, mbox, link).

Acknowledgement sent to Romeo Papa <romeopapa@caramail.com>:
New Bug report received and forwarded. Copy sent to Filesystems Group <filesystems-devel@lists.alioth.debian.org>. (Fri, 24 Jul 2015 10:15:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Romeo Papa <romeopapa@caramail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: squashfs-tools: CVE-2015-4646
Date: Fri, 24 Jul 2015 12:12:08 +0200
Source: squashfs-tools
Version: 1:4.2+20130409-2
Severity: normal

Hello,

Filing a bug for CVE-2015-4646,

> we run into an unrelated problem in which the stack VLA
> allocation of fragment_table_index[] can easily exceed RLIMIT_STACK

Described here:
https://github.com/devttys0/sasquatch/pull/5

Information forwarded to debian-bugs-dist@lists.debian.org, Filesystems Group <filesystems-devel@lists.alioth.debian.org>:
Bug#793468; Package src:squashfs-tools. (Fri, 24 Jul 2015 10:27:06 GMT) (full text, mbox, link).

Acknowledgement sent to Romeo Papa <romeopapa@caramail.com>:
Extra info received and forwarded to list. Copy sent to Filesystems Group <filesystems-devel@lists.alioth.debian.org>. (Fri, 24 Jul 2015 10:27:06 GMT) (full text, mbox, link).

Message #10 received at 793468@bugs.debian.org (full text, mbox, reply):

From: Romeo Papa <romeopapa@caramail.com>
To: 793468@bugs.debian.org
Subject: Fix for CVE-2015-4646, and more
Date: Fri, 24 Jul 2015 12:23:32 +0200
Following up is a debdiff that:

   * fixes CVE-2015-4645 and CVE-2015-4646
   * Upgrades to squashfs-tools 4.3
   * Updates the man pages

Information forwarded to debian-bugs-dist@lists.debian.org, Filesystems Group <filesystems-devel@lists.alioth.debian.org>:
Bug#793468; Package src:squashfs-tools. (Fri, 24 Jul 2015 10:57:04 GMT) (full text, mbox, link).

Acknowledgement sent to Romeo Papa <romeopapa@caramail.com>:
Extra info received and forwarded to list. Copy sent to Filesystems Group <filesystems-devel@lists.alioth.debian.org>. (Fri, 24 Jul 2015 10:57:04 GMT) (full text, mbox, link).

Message #15 received at 793468@bugs.debian.org (full text, mbox, reply):

From: Romeo Papa <romeopapa@caramail.com>
To: 793468@bugs.debian.org
Subject: Debdiff for CVE-2015-4646, and more
Date: Fri, 24 Jul 2015 12:55:35 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems I am unable to send the debdiff file directly through email.

I have therefore hosted the diff on PasteBin,

Here is the highlighed code: http://pastebin.com/HcViHJBW
Here is the raw code: http://pastebin.com/raw.php?i=HcViHJBW

Thanks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVshmnAAoJEM5wUx8CP5BTqBMP/3Nmz0p9tF2gzOgxuXTEJGIc
mb7SGGdlpysGWTuISVwunXx1laSjNjie7UV9/FgobdsUCMCy2GyFl01k4/z/jcA7
pwxFUZlkpOm30xiyNxaPYzNZIx5bHUnRuj9ecqp59fcCRLbNrJH1X/8/1lt/Jh0+
niMS/yl7nF4PNABCTxtWHymD9geKe22YTfVUIvBtoJTrf5wyQuNpDbDXzBMCFIxh
jzeDKojWbmckR2yapd+ktnN5Qd6/CzKaZ8urs2kodnYCpYLn23uahVnpuBTjbGZG
aHyIO7n82vwcwIglaMibGCbzmjXPY/qqRLZyn3ABZ99aGXu2NtP4DACB9jRYWGpm
yYd1GdZafPraB/wIIXzjBa7vO2E6Hw/5jNarLOwjBPdMwWWrxin9vqpVEUmhaVRJ
1Qf/1cCZhjbkt9iBOs3uUHyAeaA17kqMDAftXf1Ff5uA+TPSz/UUFqJBEqCxDmkx
JPGch4Jg15w/p3/MxJHIry9wXY9vidZPQ4amDfHjVneUIRkiFLph6KRd/h4twwP3
jqsKWU1R475l9YZn2TgxB4uD4Z2JqhSlQZLylxOQ09SHTb0PtY56OAT35KeB9d++
Nyj1OCvSmckQStQQvSRTo90WuqmGA93x2PQbSyp4pLj9XwvxTNnyvEaDFsgmdFBr
6iOj9E7F0pPXgnujy8l4
=9iFE
-----END PGP SIGNATURE-----

Added tag(s) security and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 24 Jul 2015 11:27:04 GMT) (full text, mbox, link).

Added tag(s) patch. Request was from Jérémy Bobbio <lunar@debian.org> to control@bugs.debian.org. (Tue, 04 Aug 2015 07:18:03 GMT) (full text, mbox, link).

Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Wed, 09 Sep 2015 19:21:24 GMT) (full text, mbox, link).

Notification sent to Romeo Papa <romeopapa@caramail.com>:
Bug acknowledged by developer. (Wed, 09 Sep 2015 19:21:24 GMT) (full text, mbox, link).

Message #24 received at 793468-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 793468-close@bugs.debian.org
Subject: Bug#793468: fixed in squashfs-tools 1:4.3-2
Date: Wed, 09 Sep 2015 19:19:21 +0000
Source: squashfs-tools
Source-Version: 1:4.3-2

We believe that the bug you reported is fixed in the latest version of
squashfs-tools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793468@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated squashfs-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 07 Sep 2015 18:03:49 +0200
Source: squashfs-tools
Binary: squashfs-tools squashfs-tools-dbg
Architecture: source amd64
Version: 1:4.3-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 squashfs-tools - Tool to create and append to squashfs filesystems
 squashfs-tools-dbg - Tool to create and append to squashfs filesystems (debug)
Closes: 749878 754234 793467 793468 798268
Changes:
 squashfs-tools (1:4.3-2) unstable; urgency=high
 .
   * Fix security issues:
     - CVE-2015-4645 - stack overflow in read_fragment_table_4
       (closes: #793467),
     - CVE-2015-4646 - stack overflow in read_fragment_table_4 due to fix for
       CVE-2015-4645 (closes: #793468).
   * Fix phys mem calculation for 32-bit processes on PAE/64-bit kernels
     (closes: #798268).
   * Build with XZ Utils liblzma (closes: #754234, #749878).
   * Update 0001-kfreebsd.patch to fix kFreeBSD FTBFS.
Checksums-Sha1:
 3c115e79a0c0ddfb1080c6837f767a06c48b89d8 2004 squashfs-tools_4.3-2.dsc
 e0f85e23282d662c285170f41721d0d390945e4c 14088 squashfs-tools_4.3-2.debian.tar.xz
 e95fb39e1413ea8a2abdcc894d913bcb99c12c7a 303762 squashfs-tools-dbg_4.3-2_amd64.deb
 1278f8f132e17c574fbcd28a40173f46cdb597f1 119732 squashfs-tools_4.3-2_amd64.deb
Checksums-Sha256:
 2b707af906bb9856cc1d763ba9db175f79e8e99c051afa8ba41441b5c1fab61d 2004 squashfs-tools_4.3-2.dsc
 a2442f69c7e3ec7e8f030a6742e185ff6af148688e660a8aa880e402fcb66489 14088 squashfs-tools_4.3-2.debian.tar.xz
 fda0e5d7b5a2808ba8ab7db9de3bb5ab9a01cd63128d82d403d420a187025a9d 303762 squashfs-tools-dbg_4.3-2_amd64.deb
 9aff7e08e6d4a95127b25a54921ef5b85e1c0c4a11e10d03c758f5dd574f8274 119732 squashfs-tools_4.3-2_amd64.deb
Files:
 5595e4d2c9a4ba9870852b14eb221931 2004 kernel optional squashfs-tools_4.3-2.dsc
 febc54a9ad45cb88d17478df7516d3c3 14088 kernel optional squashfs-tools_4.3-2.debian.tar.xz
 bb41bba7edeb9df878436377dc31eaba 303762 debug extra squashfs-tools-dbg_4.3-2_amd64.deb
 9dfc585d883e6e2d4f43cb7017cdf9ea 119732 kernel optional squashfs-tools_4.3-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJV8IB9AAoJENzjEOeGTMi/6GEQAIqqHezE4V+VoSCf6Y11GW+c
71rYOVz8SbM3CIjEeJwilpTfyiuDZOZzwPcw7yscQWqMBHRutF7bEhOyWkG/YgA4
X8HOPtPXklgNLbly+jtOf51aDDnmFHoLtlw1qv20j263RGHkVVwwsgXyE/QDC3Z9
h9USkqagXXuqScYGPN3MHh4s6TsHt2YxHkZ+oZqrvsSzL/hUwq/ET8adXP1HsBs/
PSCf9wL1tWNSQL6/932T8WEbOnhCOZuqla3krYl/Djlsh0WI7dwOZN/HdKo/GgEp
zRVYujONjrfSweyN1yB3IsSLN2RAJED0Ou7Z6gia56FXpcBAW0lel15opuXC3mRB
iaBrDgq3dT6QiODJVxDcJf3usQoo9xxCcfvOhF6pv/4aJvgWt1A1iU18J9jeXkcW
t8Pb4CZgWMqG/7OdITGV+SDCkXLfsX10Jk8rxddoM8W9PLteWqFcWXMAohBaeoKM
QaCxdzS+d59eEkSUp57gItG+UYOzzXkp+4yYdpKvVgcbqVHtEUiRKRRIRglQfORq
wLIc0Ot/64nRz94gMeOVPH0BUxHgrHaKiS36Fbbnx475Ek7YH1S87UVh4fs5IR/+
ZJ22VJX62XINGW8vA4ZjM2Gi1eZibst134HlJ8IpFyUu2h/GzMKFWY9EHApsRWKV
JeEx+fxsXixNbfYfmxBg
=/UGb
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Oct 2015 07:34:21 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:48:44 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started