security fixes for 2.5.6
Josh Bressers
bressers at redhat.com
Tue May 12 17:52:33 EDT 2009
> >
> > 8331e31a fixes a buffer overflow when initiating file transfer with a
> > client and it sends back a malformed response
>
Use CVE-2009-1373 for this one.
> >
> > ad057b75 buffer overflow when decrypting qq packets
>
khc and I had a discussion about this one on IRC. It was decided it's a DoS
flaw only, my analysis is mostly right, other than the buffer is on the heap
via an alloca call, and the overflow won't cause anything outside of a crash.
Use CVE-2009-1374 for this.
> >
> > 2c9a1153 buffer overflow when encrypting qq packets
>
This is not being considered a security flaw per our discussion on IRC (it
only reads 8 bytes off the stack, and does nothing with them).
>
> >
> > 7829ec76 fixes a memory corruption that can sometimes happen if an
> > internal buffer is full when more bytes are available from the network
datallah and I chatted about this one on IRC. It appears it's likely just a
DoS flaw, as all that happens is the buffer ends up corrupted in some manner;
perhaps a really clever attacker could inject some fake protocol bits to trick
a user, but that seems pretty far-fetched.
Use CVE-2009-1375 for this.
> >
> > Additionally, the previous fix to CVE-2008-2927 was incomplete, so we
> > fixed it again:
> >
> > 9dd1c4c3 Fixes a buffer overflow in the ZDI-08-054 report
> >
>
Use CVE-2009-1376 for this.
Thanks everyone.
What is the expected date for the release? I wouldn't mind a few more days if
you could spare it. I understand if you want this out sooner though, it's my
own fault I missed the mail.
--
JB