Date: Tue, 10 May 2016 14:09:11 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com, mprpic@...hat.com
Cc: cve-assign@...re.org
Subject: Re: Re: CVE request: three issues in libksba

Hello,

On 04/29/2016 06:13 PM, cve-assign@...re.org wrote:
> > Integer overflow in the DN decoder src/dn.c
> >
> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
>
> This might be an error in the original
> https://security.gentoo.org/glsa/201604-04 advisory. We did not notice
> any obvious relationship between
> 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 and an integer overflow fix.
> The 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 commit message seems to
> focus on "read access out of bounds." Also, there is no other recent
> commit at
> http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=history;f=src/dn.c
> that refers to an integer overflow. Possibly there was an inapplicable
> copy-and-paste of "Integer overflow in the" from the previous report
> about the BER decoder.
>
> Use CVE-2016-4356 for the 243d12fdec66a4360fbb3e307a046b39b5b4ffc3
> issue that is described as "Fix encoding of invalid utf-8 strings in
> dn.c" and "read access out of bounds."


There is a follow-up fix in libksba 1.3.4 for this issue:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75

> Fix an OOB read access in _ksba_dn_to_str.
>
> * src/dn.c (append_utf8_value): Use a straightforward check to fix an
> off-by-one.
> --
>
> The old fix for the problem from April 2015 had an off-by-one in the
> bad encoding handling.
>
> Fixes-commit: 243d12fdec66a4360fbb3e307a046b39b5b4ffc3
> <http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=object;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3>
> GnuPG-bug-id: 2344
> Reported-by: Pascal Cuoq
> Signed-off-by: Werner Koch <wk@...pg.org>

Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)