Date: Thu, 17 Aug 2017 14:24:47 +0930
From: Doran Moppert <dmoppert@...hat.com>
Subject: CVE-2017-7555 augeas: crash/memory corruption when handling certain
A vulnerability was found in augeas <http://augeas.net/> that could
allow attackers to cause memory corruption possibly leading to arbitrary
code execution by passing crafted strings that would be mis-handled by
parse_name(). A patch created by David Lutterkort is available on the
Briefly, input strings ending with a whitespace char would be escaped
(aug_escape_name) then incorrectly trimmed in parse_name, leading to a
later loop stepping over the terminating NUL character. Crashes in
libvirtd were observed.
This issue was discovered by Han Han (Red Hat) through fuzzing with the
Dice testing framework.
Red Hat Product Security
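The trim-then-walk interaction described above, as an added example that is not part of the original advisory and is not augeas code. It is a simplified model: the function names are hypothetical, backslash escaping is assumed, and the walk is index-based so that the overstep is reported rather than performed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive trim (hypothetical): drops trailing whitespace without asking whether
 * it is escaped. For the 3-char name a,\,space this leaves a,\ which ends in
 * a lone backslash. */
static size_t trim_naive(const char *s, size_t len) {
    while (len > 0 && isspace((unsigned char)s[len - 1]))
        len--;
    return len;
}

/* Escape-aware trim (hypothetical): whitespace preceded by an odd number of
 * backslashes is escaped, so it belongs to the name and trimming stops. */
static size_t trim_escape_aware(const char *s, size_t len) {
    while (len > 0 && isspace((unsigned char)s[len - 1])) {
        size_t bs = 0;
        while (bs < len - 1 && s[len - 2 - bs] == '\\')
            bs++;
        if (bs % 2 == 1)
            break;
        len--;
    }
    return len;
}

/* Model of a later loop of the form
 *     for (p = s; *p; p++) if (*p == '\\') p++;
 * The terminator is taken to sit at s[len]. Returns true if the walk would
 * step past it, which in the pointer version is an out-of-bounds read. */
static bool walk_oversteps(const char *s, size_t len) {
    size_t i = 0;
    while (i < len) {
        if (s[i] == '\\')
            i++;            /* skip the escaped char; may land on the NUL */
        i++;                /* loop increment; may then pass the NUL */
    }
    return i > len;
}

int main(void) {
    const char *name = "a\\ ";   /* constructed input: escaped trailing space */
    size_t n = strlen(name);
    printf("naive: oversteps=%d\n", walk_oversteps(name, trim_naive(name, n)));
    printf("aware: oversteps=%d\n", walk_oversteps(name, trim_escape_aware(name, n)));
    return 0;
}
```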