FEDORA-EPEL-2016-8c727601c5 created by rathann 3 years ago for Fedora EPEL 7
stable

Update to latest stable upstream release, fixing security issues (CVE-2015-8789, CVE-2015-8790 and CVE-2015-8791). No incompatible ABI or API changes.

Highlights from upstream changelog:

  • EbmlMaster::Read(): When the parser encountered a deeply nested element with an infinite size then a following element of an upper level was not propagated correctly. Instead the element with the infinite size was added into the EBML element tree a second time resulting in memory access after freeing it and multiple attempts to free the same memory address during destruction. Fixes the issue reported as Cisco TALOS-CAN-0037.
  • EbmlElement::ReadCodedSizeValue(): Fixed an invalid memory access. When reading a EBML variable length integer value a read access beyond the end of the available buffer was possible if fewer bytes were available than indicated by the first byte resulting in a heap information leak.
  • EbmlUnicodeString::UpdateFromUTF8(): Fixed an invalid memory access. When reading from a UTF-8 string in which the length indicated by a UTF-8 character's first byte exceeds the string's actual number of bytes the parser would access beyond the end of the string resulting in a heap information leak. Fixes the issue reported as Cisco TALOS-CAN-0036.
  • EbmlElement::FindNextElement(): Handle EOF when reading the element size properly.
  • EbmlString::ValidateSize(): only allow the same maximum size as EbmlBinary.
  • EbmlElement::Render(): doesn't catch exceptions anymore. Instead exceptions generated from the IOCallback class (e.g. if a write failed) are propagated to the caller.
  • build system: switched the build system from hand-crafted Makefiles to an autoconf/automake-based system. A pkg-config file will be installed as well; its name is »libebml«. Patch by Jan Engelhardt jengelh@inai.de.
  • EbmlMaster::Read(): when reading with SCOPE_ALL_DATA only those elements that could successfully be read will be kept (e.g. defective block groups will be dropped).
  • EbmlMemoryStream: add a new class for safe memory access that throws exception on failures.
  • EbmlMaster: Fixed read() trying to calculate the end position of elements with an unknown size. This avoids endless loops and assertions in certain cases. See https://trac.bunkus.org/ticket/1089
This update has been submitted for testing by rathann. 3 years ago
rathann edited this update. 3 years ago
This update has been pushed to testing. 3 years ago
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes 3 years ago
This update has been submitted for stable by rathann. 3 years ago
This update has been pushed to stable. 3 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
2
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
BZ#1276337 CVE-2015-8789 libebml: Usa-after-free vulnerability in EblMaster::Read() [epel-all]
0
0
BZ#1303856 CVE-2015-8791 CVE-2015-8790 libebml: information leaks in two functions [epel-7]
0
0

Automated Test Results