There is a serious security bug in xar, which seems to be fixed in the
repository. Please release official 1.5.3 so that new xar can be packaged
for Linux distributions.
CVE: http://security-tracker.debian.org/tracker/CVE-2010-0055
Cf. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572556
The following was reported to us by Braden Thomas of the Apple Security
Team:
>> Description:
>> We've discovered a signature verification bypass issue in xar. The
>> issue is that xar_open assumes that the checksum is stored at offset
>> 0, but xar_signature_copy_signed_data uses xar property
>> "checksum/offset" to find the offset to the checksum when validating
>> the signature. As a result, a modified xar archive can pass signature
>> validation by putting the checksum for the modified TOC at offset 0,
>> pointing "checksum/offset" at the non-modified checksum at a higher
>> offset, and using the original non-modified signature.
>>
>> CVE-ID: CVE-2010-0055
>>
>> Timing:
>> Proposed embargo date is March 3rd
>>
>> Fix:
>> This issue was fixed in xar r225; patch available from:
>> http://code.google.com/p/xar/source/detail?r=225
Original issue reported on code.google.com by [email protected] on 16 Mar 2010 at 5:40
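The mismatch described in the report above, modelled as an added example (this is not xar's code): a toy archive whose integrity check reads the checksum at heap offset 0 while its signature check follows the TOC property "checksum/offset", beside a verifier that uses one offset for both. The JSON TOC, the HMAC standing in for the RSA signature, and the blob layout are assumptions of the model.

```python
import hashlib
import hmac
import json
import struct

SIGNER_KEY = b"toy-signer-key"  # assumption: HMAC key in place of the signer's RSA key pair
DIGEST_LEN = 32

def sign(data: bytes) -> bytes:
    return hmac.new(SIGNER_KEY, data, hashlib.sha256).digest()

def encode_toc(toc: dict) -> bytes:
    return json.dumps(toc, sort_keys=True).encode()

def toc_digest(toc: dict) -> bytes:
    return hashlib.sha256(encode_toc(toc)).digest()

def build_archive(toc: dict, heap: bytes, signature: bytes) -> bytes:
    """Toy layout: 4-byte TOC length | TOC (JSON) | heap | signature."""
    toc_bytes = encode_toc(toc)
    return struct.pack(">I", len(toc_bytes)) + toc_bytes + heap + signature

def parse_archive(blob: bytes):
    (toc_len,) = struct.unpack(">I", blob[:4])
    toc_bytes = blob[4:4 + toc_len]
    return toc_bytes, json.loads(toc_bytes), blob[4 + toc_len:-DIGEST_LEN], blob[-DIGEST_LEN:]

def verify_vulnerable(blob: bytes) -> bool:
    """Mirrors the bug: the integrity check reads the checksum at heap offset 0
    (xar_open), the signature check at the TOC's "checksum/offset" property."""
    toc_bytes, toc, heap, signature = parse_archive(blob)
    if heap[:DIGEST_LEN] != hashlib.sha256(toc_bytes).digest():
        return False
    off = toc["checksum/offset"]
    return hmac.compare_digest(sign(heap[off:off + DIGEST_LEN]), signature)

def verify_fixed(blob: bytes) -> bool:
    """One source of truth: the digest-checked bytes are the bytes the signature covers."""
    toc_bytes, toc, heap, signature = parse_archive(blob)
    off = toc["checksum/offset"]
    stored = heap[off:off + DIGEST_LEN]
    if len(stored) != DIGEST_LEN or stored != hashlib.sha256(toc_bytes).digest():
        return False
    return hmac.compare_digest(sign(stored), signature)

def signed_archive(files: list) -> bytes:
    """Constructed sample: a legitimately signed archive, checksum at heap offset 0."""
    toc = {"files": files, "checksum/offset": 0}
    checksum = toc_digest(toc)
    return build_archive(toc, checksum, sign(checksum))
```

The fixed verifier also rejects an archive whose "checksum/offset" points past the heap, since the slice is then shorter than a digest.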