mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-03 19:42:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
8,295 Commits 634 Branches 398 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dongsu Park 9a4dd68239 dev-util/bsdiff: fix heap overflow vulnerability CVE-2020-14315 
Fix a heap overflow vulnerability in bspatch included in bsdiff.

Originally the security issue was published as [FreeBSD-SA-16:29](https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc),
which pointed to a FreeBSD [patch](https://security.freebsd.org/patches/SA-16:29/bspatch.patch).
However, the patch was a set of huge changes including other unrelated
changes. That's why it was not simple at all to apply the patch to
bsdiff. Both Gentoo and Flatcar have not included the fix.

Fortunately X41 D-SEC [examined](https://www.x41-dsec.de/security/news/working/research/2020/07/15/bspatch/)
the issue again, and nailed down to a simple patch that can be easily
applied to other trees. We simply take the patch with minimal changes.

See also [CVE-2020-14315](https://nvd.nist.gov/vuln/detail/CVE-2020-14315).
2021-01-12 17:14:44 +01:00
sdk_container/src/third_party/coreos-overlay
dev-util/bsdiff: fix heap overflow vulnerability CVE-2020-14315
2021-01-12 17:14:44 +01:00
Description
image build and composition scripts for Flatcar Container Linux
flatcarflatcar-linuxhacktoberfestsdk
BSD-3-Clause 170 MiB
Languages
Shell 93.1%
Python 6.9%