Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Aug 2014 14:24:26 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: glibc character set conversion from IBM code pages

In 2012, a crasher in IBM930 decoding was reported and fixed:

<https://sourceware.org/bugzilla/show_bug.cgi?id=14134>
<https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=6e230d11837f3a>

This change went into glibc 2.16.

Today, Adhemerval Zanella Netto reported in additional code page 
decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364):

<https://sourceware.org/bugzilla/show_bug.cgi?id=17325>
<https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html>

Upstream commit is still pending.

These crashers are out-of-bounds reads at a fixed offset relative to the 
data segment of a DSO, and in all cases I've seen, they were right in 
the middle of an unmapped segment of the same DSO.  This means that 
these bugs are just crashers, but they can still result in 
denial-of-service conditions.

Since the affected version ranges are not identical, this needs two 
separate CVE identifiers, probably one from 2012 and one from 2014.

-- 
Florian Weimer / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.