Bugzilla – Bug 985669
VUL-1: CVE-2015-8929: bsdtar,libarchive: minor memory leak in tar parser
Last modified: 2019-05-22 01:05:29 UTC
CVE-2015-8929 > I also reported a couple of lower severity issues (leaks, hangs, > undefined behavior issues): > https://github.com/libarchive/libarchive/issues/517 > Memory leak in TAR parser References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8929 http://seclists.org/oss-sec/2016/q2/566
Created attachment 681341 [details] d24e79e.patch the commit that should fix it
QA REPRODUCER: valgrind --leak-check=full --show-leak-kinds=all bsdtar xf FOO.tar (FOO.tar can be any tar archive) (reports lots of FIPS leaks here, but no bsdtar leak :/ )
bugbot adjusting priority
looks like we have a not valid option "--show-leak-kinds=all" valgrind --leak-check=full --show-leak-kinds=all bsdtar xf test.tar valgrind: Bad option: --show-leak-kinds=all valgrind: Use --help for more information or consult the user manual.
on try to reproduce do not see any difference before and after update before: ------- sol:/tmp # valgrind --leak-check=full bsdtar xf test.tar ==6971== Memcheck, a memory error detector ==6971== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==6971== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info ==6971== Command: bsdtar xf test.tar ==6971== ==6971== Conditional jump or move depends on uninitialised value(s) ==6971== at 0x4E4C75D: ??? (in /usr/lib64/libarchive.so.2.5.5) ==6971== by 0x4E3D151: archive_read_extract2 (in /usr/lib64/libarchive.so.2.5.5) ==6971== by 0x406D57: ??? (in /usr/bin/bsdtar) ==6971== by 0x406FF5: ??? (in /usr/bin/bsdtar) ==6971== by 0x404C43: ??? (in /usr/bin/bsdtar) ==6971== by 0x58AFC35: (below main) (in /lib64/libc-2.11.3.so) ==6971== ==6971== ==6971== HEAP SUMMARY: ==6971== in use at exit: 46 bytes in 2 blocks ==6971== total heap usage: 393 allocs, 391 frees, 125,155 bytes allocated ==6971== ==6971== 46 (40 direct, 6 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2 ==6971== at 0x4C28F09: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==6971== by 0x404898: ??? (in /usr/bin/bsdtar) ==6971== by 0x58AFC35: (below main) (in /lib64/libc-2.11.3.so) ==6971== ==6971== LEAK SUMMARY: ==6971== definitely lost: 40 bytes in 1 blocks ==6971== indirectly lost: 6 bytes in 1 blocks ==6971== possibly lost: 0 bytes in 0 blocks ==6971== still reachable: 0 bytes in 0 blocks ==6971== suppressed: 0 bytes in 0 blocks ==6971== ==6971== For counts of detected and suppressed errors, rerun with: -v ==6971== Use --track-origins=yes to see where uninitialised values come from ==6971== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4) after: ------ mgr-srv-21-scc-pgl:/tmp # valgrind --leak-check=full bsdtar xf test.tar ==14791== Memcheck, a memory error detector ==14791== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==14791== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info ==14791== Command: bsdtar xf test.tar ==14791== ==14791== Conditional jump or move depends on uninitialised value(s) ==14791== at 0x4E4D8BD: ??? (in /usr/lib64/libarchive.so.2.5.5) ==14791== by 0x4E3E231: archive_read_extract2 (in /usr/lib64/libarchive.so.2.5.5) ==14791== by 0x406D57: ??? (in /usr/bin/bsdtar) ==14791== by 0x406FF5: ??? (in /usr/bin/bsdtar) ==14791== by 0x404C43: ??? (in /usr/bin/bsdtar) ==14791== by 0x58B1C35: (below main) (in /lib64/libc-2.11.3.so) ==14791== ==14791== ==14791== HEAP SUMMARY: ==14791== in use at exit: 46 bytes in 2 blocks ==14791== total heap usage: 450 allocs, 448 frees, 131,022 bytes allocated ==14791== ==14791== 46 (40 direct, 6 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2 ==14791== at 0x4C29F09: malloc (vg_replace_malloc.c:270) ==14791== by 0x404898: ??? (in /usr/bin/bsdtar) ==14791== by 0x58B1C35: (below main) (in /lib64/libc-2.11.3.so) ==14791== ==14791== LEAK SUMMARY: ==14791== definitely lost: 40 bytes in 1 blocks ==14791== indirectly lost: 6 bytes in 1 blocks ==14791== possibly lost: 0 bytes in 0 blocks ==14791== still reachable: 0 bytes in 0 blocks ==14791== suppressed: 0 bytes in 0 blocks ==14791== ==14791== For counts of detected and suppressed errors, rerun with: -v ==14791== Use --track-origins=yes to see where uninitialised values come from ==14791== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
SUSE-SU-2016:1909-1: An update that fixes 20 vulnerabilities is now available. Category: security (important) Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835 CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libarchive-3.1.2-22.1 SUSE Linux Enterprise Server 12-SP1 (src): libarchive-3.1.2-22.1 SUSE Linux Enterprise Desktop 12-SP1 (src): libarchive-3.1.2-22.1
SUSE-SU-2016:1939-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 920870,984990,985609,985669,985675,985682,985698 CVE References: CVE-2015-2304,CVE-2015-8918,CVE-2015-8920,CVE-2015-8921,CVE-2015-8924,CVE-2015-8929,CVE-2016-4809 Sources used: SUSE Studio Onsite 1.3 (src): bsdtar-2.5.5-9.1 SUSE OpenStack Cloud 5 (src): bsdtar-2.5.5-9.1 SUSE Manager Proxy 2.1 (src): bsdtar-2.5.5-9.1 SUSE Manager 2.1 (src): bsdtar-2.5.5-9.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): bsdtar-2.5.5-9.1 SUSE Linux Enterprise Server 11-SP4 (src): bsdtar-2.5.5-9.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): bsdtar-2.5.5-9.1 SUSE Linux Enterprise Server 11-SP2-LTSS (src): bsdtar-2.5.5-9.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): bsdtar-2.5.5-9.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): bsdtar-2.5.5-9.1
openSUSE-SU-2016:2036-1: An update that fixes 20 vulnerabilities is now available. Category: security (important) Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835 CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809 Sources used: openSUSE Leap 42.1 (src): libarchive-3.1.2-13.2
released