Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 16 Sep 2016 15:00:53 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Out of bounds heap bugs in glib, heap buffer overflow in
 gnome-session

https://blog.fuzzing-project.org/53-Out-of-bounds-heap-bugs-in-glib,-heap-buffer-overflow-in-gnome-session.html

By testing GNOME-related packages with Address Sanitizer I recently
discovered several trivial to find bugs.

Two out of bounds bugs in the glib library were uncovered by running
the test suite with Address Sanitizer enabled. One heap buffer overflow
in the parameter parsing of gnome-session was uncovered by trying to
start GNOME. Given that these bugs weren't discovered earlier means
that most likely nobody ever used Address Sanitizer to test GNOME
components.

I strongly recommend to GNOME and to other software communities to use
Address Sanitizer testing in order to improve the quality of their
software.

Out of bounds read in g_unichar_iswide_bsearch() / glib
https://bugzilla.gnome.org/show_bug.cgi?id=766211
Upstream bug report (again reported here)
https://git.gnome.org/browse/glib/commit/?id=bcbd8d7
Commit / fix
Fixed in 2.48.2.

Out of bounds read in token_stream_prepare() / glib
https://bugzilla.gnome.org/show_bug.cgi?id=762417
Upstream bug report
https://git.gnome.org/browse/glib/commit/glib/gvariant-parser.c?id=aead1c046dd39748cca449b55ec300ba5f025365
Commit / fix
Fixed in 2.48.0.

Heap buffer overflow in gnome-session
https://bugzilla.gnome.org/show_bug.cgi?id=768441
Upstream bug report
https://git.gnome.org/browse/gnome-session/commit/?h=gnome-3-20&id=634ab70d9f03b1650be4b8259091ca3036f0fbf9
Commit / fix
Fixed in 3.20.2.


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ