Bugzilla – Bug 1120631
VUL-1: CVE-2018-20534: libsolv: illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a
Last modified: 2021-06-02 14:45:55 UTC
There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20534 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20534
Not quite sure which commit of the upstream pull request this CVE refers to. The file / function that are referenced by the CVE (src/pool.h) are not touched at all ... https://github.com/openSUSE/libsolv/pull/291/files Michael, do you happen to know something about this ;-)?
It's probably this commit: commit 6de825c4d27022e48570824f0be77132c5b6d45a Author: Jaroslav Rohel <jrohel@redhat.com> Date: Tue Dec 11 10:27:15 2018 +0100 Fix: testsolv segfaults ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002f0 (pc 0x7f31501d3bd2 bp 0x7ffcfe4d4a50 sp 0x7ffcfe4d4a30 T0) 0 0x7f31501d3bd1 in pool_whatprovides /home/company/real_sanitize/libsolv-master/src/pool.h:331 1 0x7f31501d895e in testcase_str2solvid /home/company/real_sanitize/libsolv-master/ext/testcase.c:793 2 0x7f31501e8388 in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2807 3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148 4 0x7f314fa8da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) 5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8) ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5af9e7815f bp 0x7ffc4c843a40 sp 0x7ffc4c8436c0 T0) 0 0x7f5af9e7815e in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2799 1 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148 2 0x7f5af971da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) 3 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8) diff --git a/ext/testcase.c b/ext/testcase.c index fe2636cb..c8dd14ee 100644 --- a/ext/testcase.c +++ b/ext/testcase.c @@ -2795,7 +2795,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res { int i = strlen(pieces[1]); s = strchr(pieces[1], '('); - if (!s && pieces[1][i - 1] != ')') + if (!s || pieces[1][i - 1] != ')') { pool_error(pool, 0, "testcase_read: bad namespace '%s'", pieces[1]); }
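Review bot: the commit message quotes two distinct AddressSanitizer traces (pool_whatprovides at src/pool.h:331 reached through testcase_str2solvid, and testcase_read at ext/testcase.c:2799), but the single hunk only changes the condition in testcase_read. The message should say which trace this one-operator change resolves and how the other is covered. On the changed line, `if (!s || pieces[1][i - 1] != ')')` is safe only because `||` short-circuits: `pieces[1][i - 1]` is read only when strchr found a '(' and so `i >= 1`. A short comment stating that, plus regression testcases for a namespace piece with no '(' and for one lacking the closing ')', would keep a later edit from letting a NULL `s` past the check again. Separately, `int i = strlen(pieces[1]);` narrows size_t to int; size_t would be the cleaner type.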
But the patch only touches "ext/testcase.c", not src/pool.h as claimed by the CVE. Is this worthwhile to fix, and will you eventually do so, or is it not important enough from your point of view?
So the CVE is wrong. It crashes in pool.h but the fix is in testcase.c. See the commit. (All these are no security issues anyway...)
This only affects the test suite and not the underlying library. It cannot be exploited in any real-world application and hence should not be considered as a vulnerability in libsolv itself.
SUSE-SU-2019:1972-1: An update that solves three vulnerabilities and has 9 fixes is now available.
Category: security (moderate)
Bug References: 1109893,1110542,1111319,1112911,1113296,1120629,1120630,1120631,1127155,1131823,1134226,1137977
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE OpenStack Cloud 8 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4
SUSE Linux Enterprise Server for SAP 12-SP3 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Server 12-SP5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Server 12-SP4 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Server 12-SP3-LTSS (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Desktop 12-SP5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Linux Enterprise Desktop 12-SP4 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE Enterprise Storage 5 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
SUSE CaaS Platform 3.0 (src): libsolv-0.6.36-2.16.2, libzypp-16.20.0-2.39.4, zypper-1.13.51-21.26.4
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2030-1: An update that solves three vulnerabilities and has 41 fixes is now available.
Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src): PackageKit-1.1.10-4.10.4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): PackageKit-1.1.10-4.10.4, libsolv-0.7.5-3.12.2, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-devel-doc-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Development Tools 15 (src): libsolv-0.7.5-3.12.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src): PackageKit-1.1.10-4.10.4, libyui-qt-pkg-2.45.15.2-3.5.3
SUSE Linux Enterprise Module for Basesystem 15 (src): libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-ncurses-pkg-doc-2.48.5.2-3.5.3, libyui-qt-pkg-2.45.15.2-3.5.3, libyui-qt-pkg-doc-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Installer 15 (src): libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1927-1: An update that solves three vulnerabilities and has 41 fixes is now available.
Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
openSUSE Leap 15.0 (src): PackageKit-1.1.10-lp150.11.1, libsolv-0.7.5-lp150.7.1, libyui-ncurses-pkg-2.48.5.2-lp150.7.1, libyui-qt-pkg-2.45.15.2-lp150.7.1, libzypp-17.12.0-lp150.2.13.1, yast2-pkg-bindings-4.0.13-lp150.2.13.1, zypper-1.14.28-lp150.2.13.1
SUSE-SU-2019:2265-1: An update that solves three vulnerabilities and has 13 fixes is now available.
Category: security (moderate)
Bug References: 1049825,1109893,1110542,1111319,1112911,1113296,1116995,1120629,1120630,1120631,1127155,1131823,1134226,1137977,1140039,1145521
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE OpenStack Cloud 8 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE OpenStack Cloud 7 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP4 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP3-BCL (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Server 12-SP2-BCL (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Linux Enterprise Desktop 12-SP4 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Enterprise Storage 5 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE Enterprise Storage 4 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
SUSE CaaS Platform 3.0 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
HPE Helion Openstack 8 (src): libsolv-0.6.36-2.27.19.8, libzypp-16.20.2-27.60.4, zypper-1.13.54-18.40.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2019:2742-1: An update that solves three vulnerabilities and has 18 fixes is now available.
Category: recommended (important)
Bug References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src): PackageKit-1.1.10-12.3.5
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): libsolv-0.7.6-3.7.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): PackageKit-1.1.10-12.3.5, libsolv-0.7.6-3.7.2, libzypp-17.15.0-3.9.1, yast2-pkg-bindings-devel-doc-4.1.2-3.3.5, zypper-1.14.30-3.7.2
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): libsolv-0.7.6-3.7.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): PackageKit-1.1.10-12.3.5, libyui-qt-pkg-2.45.27-3.3.5
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): libsolv-0.7.6-3.7.2, libyui-ncurses-pkg-2.48.9-7.3.5, libyui-ncurses-pkg-doc-2.48.9-7.3.3, libyui-qt-pkg-2.45.27-3.3.5, libyui-qt-pkg-doc-2.45.27-3.3.3, libzypp-17.15.0-3.9.1, yast2-pkg-bindings-4.1.2-3.3.5, zypper-1.14.30-3.7.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-RU-2019:2391-1: An update that solves three vulnerabilities and has 18 fixes is now available.
Category: recommended (important)
Bug References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
openSUSE Leap 15.1 (src): PackageKit-1.1.10-lp151.8.6.1, libsolv-0.7.6-lp151.2.3.2, libyui-ncurses-pkg-2.48.9-lp151.2.3.1, libyui-ncurses-pkg-doc-2.48.9-lp151.2.3.1, libyui-qt-pkg-2.45.27-lp151.2.3.1, libyui-qt-pkg-doc-2.45.27-lp151.2.3.1, libzypp-17.15.0-lp151.2.3.2, yast2-pkg-bindings-4.1.2-lp151.2.3.1, yast2-pkg-bindings-devel-doc-4.1.2-lp151.2.3.1, zypper-1.14.30-lp151.2.3.1
SUSE-SU-2020:2660-1: An update that solves three vulnerabilities and has three fixes is now available.
Category: security (moderate)
Bug References: 1120629,1120630,1120631,1127155,1131823,1137977
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): libsolv-0.6.36-2.30.1
SUSE OpenStack Cloud Crowbar 8 (src): libsolv-0.6.36-2.30.1
SUSE OpenStack Cloud 9 (src): libsolv-0.6.36-2.30.1
SUSE OpenStack Cloud 8 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP5 (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): libsolv-0.6.36-2.30.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): libsolv-0.6.36-2.30.1
SUSE Enterprise Storage 5 (src): libsolv-0.6.36-2.30.1
HPE Helion Openstack 8 (src): libsolv-0.6.36-2.30.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.