Date: Mon, 15 Feb 2016 12:09:55 -0500 (EST)
From: cve-assign@...re.org
To: scorneli@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A buffer-overflow vulnerability was discovered in the unhtmlify()
> function of foomatic-rip. The function did not properly calculate
> buffer sizes, possibly leading to a heap-based memory corruption. A
> remote, unauthenticated attacker could exploit this flaw to cause
> foomatic-rip to crash or possibly execute arbitrary code.
> 
> https://bugs.linuxfoundation.org/show_bug.cgi?id=515
> https://bugzilla.redhat.com/show_bug.cgi?id=1218297

Use CVE-2010-5325.

(Although https://bugzilla.redhat.com/show_bug.cgi?id=1218297#c2
also has a mention of "an off-by-one-ish problem" in addition to the
larger problem, there will not be multiple CVE IDs for this.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
