Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 May 2016 20:08:05 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE request: libksba out-of-bouds read remote DOS issue fixed in
 1.3.4

libksba 1.3.4 was released with the following in NEWS:

> * Fixed two OOB read access bugs which could be used to force a DoS.

The first is http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64

> Fix possible read access beyond the buffer. > > * src/ber-help.c (_ksba_ber_parse_tl): Add extra sanity check. > *
src/cert.c (ksba_cert_get_cert_policies): Check TLV given length >
against buffer length. > (ksba_cert_get_ext_key_usages): Ditto. > *
src/ocsp.c (parse_asntime_into_isotime): Ditto. > -- > > The returned
length of the object from _ksba_ber_parse_tl (ti.length) > was not
always checked against the actual buffer length, thus leading > to a
read access after the end of the buffer and thus a segv. > >
GnuPG-bug-id: 2344 > Reported-by: Pascal Cuoq > Signed-off-by: Werner
Koch <wk@...pg.org <mailto:wk@...pg.org>>



The second (6be61daac047d8e6aa941eb103f8e71a1d4e3c75
<http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75>) was already assigned CVE-2016-4574 (incomplete fix for CVE-2016-4356) elsethread.
http://seclists.org/oss-sec/2016/q2/300

Could a CVE be assigned to this issue?

Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)




[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ