From owner-freebsd-announce@FreeBSD.ORG Wed Nov 8 14:14:05 2006 Return-Path: X-Original-To: freebsd-announce@freebsd.org Delivered-To: freebsd-announce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C97216A4E7; Wed, 8 Nov 2006 14:14:05 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id DFD9243DB1; Wed, 8 Nov 2006 14:13:56 +0000 (GMT) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (simon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kA8EDtOD011905; Wed, 8 Nov 2006 14:13:55 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kA8EDt3H011904; Wed, 8 Nov 2006 14:13:55 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 8 Nov 2006 14:13:55 GMT Message-Id: <200611081413.kA8EDt3H011904@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-security@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Nov 2006 14:14:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:24.libarchive Security Advisory The FreeBSD Project Topic: Infinite loop in corrupt archives handling in libarchive(3) Category: core Module: libarchive Announced: 2006-11-08 Credits: Rink Springer Affects: FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC Corrected: 2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1) CVE Name: CVE-2006-5680 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The libarchive library provides a flexible interface for reading and writing streaming archive files such as tar and cpio, and has been the basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3. II. Problem Description If the end of an archive is reached while attempting to "skip" past a region of an archive, libarchive will enter an infinite loop wherein it repeatedly attempts (and fails) to read further data. III. Impact An attacker able to cause a system to extract (via "tar -x" or another application which uses libarchive) or list the contents (via "tar -t" or another libarchive-using application) of an archive provided by the attacker can cause libarchive to enter an infinite loop and use all available CPU time. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to affected systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch # fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libarchive # make obj && make depend && make && make install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/lib/libarchive/archive_read_support_compression_none.c 1.6.2.2 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFUeSvFdaIBMps37IRAug+AKCWT9WdFvuqPZS0o7fp3f9GKd8/aQCfVcQE WODSvmI0ArwZOcWIESQOnIQ= =SDvI -----END PGP SIGNATURE-----