diff options
author | Julian Andres Klode <jak@debian.org> | 2016-12-05 23:01:25 +0100 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2016-12-08 15:31:19 +0100 |
commit | 538b04f7b31ad1e2fb04804574614762001be136 (patch) | |
tree | 9973cf3f9ed3313c487cf35e2a7569a48ca794a1 /doc/files.dbk | |
parent | 66b687801a7bad997f2017b423f484604e9c0787 (diff) |
SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
This fixes a security issue where signatures of the
InRelease files could be circumvented in a man-in-the-middle
attack, giving attackers the ability to serve any packages
they want to a system, in turn giving them root access.
It turns out that getline() may not only return EINVAL
as stated in the documentation - it might also return
in case of an error when allocating memory.
This fix not only adds a check that reading worked
correctly, it also implicitly checks that all writes
worked by reporting any other error that occurred inside
the loop and was logged by apt.
Affected: >= 0.9.8
Reported-By: Jann Horn <jannh@google.com>
Thanks: Jann Horn, Google Project Zero for reporting the issue
LP: #1647467
(cherry picked from commit 51be550c5c38a2e1ddfc2af50a9fab73ccf78026)
(cherry picked from commit 4ef9e0837ce139b398299431ae2294882f531d8e)
(cherry picked from commit 0bbbabb1b961b3b6541e7fdc8061fe6f282eafad)
Diffstat (limited to 'doc/files.dbk')
0 files changed, 0 insertions, 0 deletions