Date: Mon, 23 Mar 2015 03:36:18 -0400 (EDT)
From: cve-assign@...re.org
To: fweimer@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Invalid pointer dereference in the GNOME librest library

> The OAuth implementation in librest, a helper library for RESTful
> services part of the GNOME project, incorrectly truncates the pointer
> returned by the rest_proxy_call_get_url function call, leading to an
> application crash, or worse.
> 
> https://bugzilla.gnome.org/show_bug.cgi?id=742644
> https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea03817acdad87fb2b338a86018329
> https://bugzilla.redhat.com/show_bug.cgi?id=1183982
> 
> The security impact was noted in 2015, although the bug was fixed in 2014.

> will lead to memory errors when the size of an int is not the same as
> a pointer

Use CVE-2015-2675.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
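
The condition quoted above ("when the size of an int is not the same as a pointer") can be reproduced in isolation. The following is an added example, not code from librest or from this thread: it models a pointer-sized value being squeezed through an `int` and widened back. The helper names `through_int` and `survives_int` and the sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the truncation: a pointer-sized value is narrowed to int and
 * then widened back to pointer size (sign-extended on common LP64 ABIs). */
uintptr_t through_int(uintptr_t addr)
{
    int narrowed = (int)addr;   /* upper bits are lost when int is narrower */
    return (uintptr_t)(intptr_t)narrowed;
}

/* Returns 1 if the address is unchanged by the int round trip, 0 otherwise. */
int survives_int(uintptr_t addr)
{
    return through_int(addr) == addr;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real process. */
    const uintptr_t samples[] = {
        (uintptr_t)0x00401000u,        /* low address: fits in an int      */
        (uintptr_t)0x7f3a12345678ull,  /* high 64-bit address: upper half lost */
        (uintptr_t)0x7f3a92345678ull,  /* bit 31 set: also sign-extends    */
    };

    printf("sizeof(int)=%zu sizeof(void *)=%zu\n", sizeof(int), sizeof(void *));
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%#18llx -> %#18llx  %s\n",
               (unsigned long long)samples[i],
               (unsigned long long)through_int(samples[i]),
               survives_int(samples[i]) ? "intact" : "TRUNCATED");
    }
    return 0;
}
```

On a 32-bit build every address survives, which is why a defect of this kind can go unnoticed until the code runs on a 64-bit platform.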
