security fixes for 2.5.6

Josh Bressers bressers at
Tue May 12 17:52:33 EDT 2009

> > 
> > 8331e31a fixes a buffer overflow when initiating file transfer with a
> > client and it sends back malformed response

Use CVE-2009-1373 for this one.

> > 
> > ad057b75 buffer overflow when decrypting qq packets

khc and I had a discussion about this one on IRC. It was decided it's a DoS
flaw only, my analysis is mostly right, other than the buffer is on the heap
via an alloca call, and the overflow won't cause anything outside of a crash.

Use CVE-2009-1374 for this.

> > 
> > 2c9a1153 buffer overflow when encrypting qq packets

This is not being considered a security flaw per our discussion on IRC (it
only reads 8 bytes off the stack, and does nothing with them).

> > 
> > 7829ec76 fixes a memory corruption that can sometimes happen if an
> > internal buffer is full when more bytes are available from the network

datallah and I chatted about this one on IRC. It appears it's likely just a
DoS flaw, as all that happens is the buffer ends up corrupted in some manner,
perhaps a really clever attacker could inject some fake protocol bits to trick
a user, but that seems pretty far fetched.

Use CVE-2009-1375

> > 
> > Additionally, the previous fix to CVE-2008-2927 was incomplete, so we
> > fixed it again:
> > 
> > 9dd1c4c3 Fixes a buffer overflow in the ZDI-08-054 report
> > 

Use CVE-2009-1376 for this.

Thanks everyone.

What is the expected date for the release?  I wouldn't mind a few more days if
you could spare it. I understand if you want this out sooner though, it's my
own fault I missed the mail.


More information about the Packagers mailing list