security fixes for 2.5.6

Daniel Atallah daniel.atallah at gmail.com
Tue May 12 15:56:49 EDT 2009


On Tue, May 12, 2009 at 3:42 PM, Josh Bressers <bressers at redhat.com> wrote:
> Sorry for the delay on this mail, it slipped through the cracks.  Comments
> inline below.
>
> ----- "Ka-Hing Cheung" <khc at pidgin.im> wrote:
>
>> Just a heads up that we will be releasing 2.5.6 in a few days and it
>> will contain the following security fixes (in addition to other bug
>> fixes):
>>
>> 8331e31a fixes a buffer overflow when initiating file transfer with a client
>> and it sends back malformed response
>
> This patch is bigger than a breadbox, I'll take your word for it.

The critical parts of the patch are only 2 lines (lines 25 and 80 of
the patch). The rest is clarification and debugging messages
improvement.

>>
>> 7829ec76 fixes a memory corruption that can sometimes happen if an internal
>> buffer is full when more bytes are available from the network
>
> Can this be triggered by an attacker?  This sounds like it's just a bug that
> happens from time to time, not something that can be triggered.

I believe it could be triggered by someone sending you exactly enough
to fill the buffer, then waiting and then sending more data.

> Also, in this context, what does memory corruption mean?

The contents of the buffer get corrupted.

(I'll let someone else speak to the other questions you brought up.)
