Date: Fri, 7 Nov 2008 18:25:26 +0100 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: thomas@...e.de Subject: Re: CVE request: libcdaudio On Wed, 5 Nov 2008 09:07:23 +0100 Thomas Biege <thomas@...e.de> wrote: > we need a CVE-ID for a buffer overflow in libcdaudio. > It is a remotely exploitable heap-based buffer overflow. If you have been using libcdaudio packages based on ATrpms / Fedora, you may have libcdaudio-0.99.12-buffovfl.patch, which addresses the same issue, it only mallocs more instead of fgetsing less. http://cvs.fedoraproject.org/viewvc/rpms/libcdaudio/devel/libcdaudio-0.99.12-buffovfl.patch This issue does not seem to affect CDDB code used by grip/gnome-vfs2, which may have common origin and previously had some flaws identical to libcdaudio (see below). Additionally, if you are shipping libcdaudio, you may be interested in patch for CVE-2005-0706 used by Gentoo: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/libcdaudio/files/libcdaudio-0.99-CAN-2005-0706.patch According to the libcdaudio home page, upstream seems to be aware of this issue, as they acknowledge having security issues and even link to old Gentoo GLSA. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ