Date: Thu, 31 Jul 2014 11:34:24 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [CVE request] Array allocation fixes in libgfortran

On 07/24/2014 04:08 AM, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> several CVE-2002-0391-style integer overflows in array allocation in
>> libgfortran
>>
>> https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
>
> Use CVE-2014-5044.

Thanks.  The fixes have been backported to GCC 4.8 and 4.9:

https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html
https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html

> It seems fairly clear that there is only one CVE ID needed. However,
> can you clarify what definition of "CVE-2002-0391-style integer
> overflows" you were using? We think you might mean:
>
>    - any integer overflow caused by multiplying the number of elements
>      in an array by the size of a single element
>
>    - this includes, but isn't limited to, cases where the array
>      elements represent arguments

The first, combined with the fact that the overflowing calculation is 
used to compute byte sizes for memory allocation purposes.

-- 
Florian Weimer / Red Hat Product Security
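
The bug class defined in this message, shown as an added example; it is not code from the original post or from the libgfortran fix. It generalizes from one count-times-size product to a multi-dimensional array, and the function names and the extents layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bug-class form: the product wraps modulo SIZE_MAX + 1, so the byte size
   handed to the allocator can be far smaller than the array needs. */
static size_t unchecked_bytes(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Stores a * b in *out and returns 0, or returns -1 if it would overflow. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Byte size of a rank-n array: elem_size * extents[0] * ... * extents[n-1].
   Conservative: fails on any overflowing partial product, even if a later
   extent is zero. */
static int array_bytes(const size_t *extents, size_t rank, size_t elem_size,
                       size_t *out)
{
    size_t total = elem_size;
    for (size_t i = 0; i < rank; i++)
        if (checked_mul(total, extents[i], &total) != 0)
            return -1;
    *out = total;
    return 0;
}

/* Allocates only when the byte size is representable; NULL otherwise. */
static void *alloc_array(const size_t *extents, size_t rank, size_t elem_size)
{
    size_t bytes;
    if (array_bytes(extents, rank, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes ? bytes : 1);
}

int main(void)
{
    size_t big[1] = { SIZE_MAX / 8 + 2 };   /* constructed sample extent */
    printf("unchecked: %zu bytes\n", unchecked_bytes(big[0], 8));
    printf("checked:   %s\n", alloc_array(big, 1, 8) ? "allocated" : "rejected");
    return 0;
}
```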
