Bug 1492701 (CVE-2014-8184)
| Field | Value |
|---|---|
| Summary | CVE-2014-8184 liblouis: stack-based buffer overflow in findTable() |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Keywords | Security |
| Reporter | Pedro Sampaio <psampaio> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | carnil, martin.gieseking, rasanche, rmatos, rsprudencio, samuel.thibault, security-response-team, yjog |
| Last Closed | 2017-11-03 16:05:13 UTC |
| Bug Depends On | 1492708, 1492709 |
| Bug Blocks | 1488949 |

Description
Pedro Sampaio
2017-09-18 13:48:40 UTC
Acknowledgments:

Name: Raphael Sanchez Prudencio (Red Hat)

Hi

Can you share details on this issue? Is upstream aware of the details?

I found only https://github.com/liblouis/liblouis/issues/425 asking Upstream on it.

Regards,
Salvatore

(In reply to Salvatore Bonaccorso from comment #5)
> Hi
>
> Can you share details on this issue? Is upstream aware of the details?
>
> I found only https://github.com/liblouis/liblouis/issues/425 asking Upstream
> on it.
>
> Regards,
> Salvatore

Hi Salvatore, this vulnerability (actually several buffer overflows in that same function) was sitting in our package because it was outdated. It was probably unknowingly fixed as this function was totally refactored during this merge:
https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524

This specific vulnerability does not exist in upstream version and it was introduced in commit 26ca8619.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2017:3111 https://access.redhat.com/errata/RHSA-2017:3111

Hi Raphael,

(In reply to Raphael Sanchez Prudencio from comment #7)
> (In reply to Salvatore Bonaccorso from comment #5)
> > Hi
> >
> > Can you share details on this issue? Is upstream aware of the details?
> >
> > I found only https://github.com/liblouis/liblouis/issues/425 asking Upstream
> > on it.
> >
> > Regards,
> > Salvatore
>
> Hi Salvatore, this vulnerability (actually several buffer overflows in that
> same function) was sitting in our package because it was outdated. It was
> probably unknowingly fixed as this function was totally refactored during
> this merge:
> https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524
>
> This specific vulnerability does not exist in upstream version and it was
> introduced in commit 26ca8619.

Thanks for this, this was really helpful to narrow down the affected status for us in Debian.

Regards,
Salvatore

Created attachment 1347137 [details]
proposed fix

Hello,
As mentioned upstream, this is not enough, the strncpy call does not catch buffer overflows and missing \0.
This patch should be fixing it.
Samuel
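
Added example (not part of the bug thread, not the attached patch, and not liblouis code): the `strncpy` behaviour described in the comment above, next to a copy that rejects oversized input and always terminates. The buffer size, function names and sample table names are hypothetical and constructed for illustration.

```c
/* Added illustration, not liblouis code; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>

#define TABLE_BUF_SIZE 16   /* stand-in for a fixed-size stack buffer */

/* strncpy alone. Returns 1 if the destination ended up NUL-terminated,
 * 0 if not. strncpy writes no '\0' when strlen(src) >= the size given,
 * and it never reports that the input was cut short. */
int strncpy_terminated(const char *src)
{
    char dst[TABLE_BUF_SIZE];
    memset(dst, 'X', sizeof dst);          /* make a missing '\0' visible */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Checked copy: measure first, refuse input that does not fit, and
 * always leave dst a valid string.
 * Returns 0 on success, -1 if src plus its '\0' exceeds dstsize. */
int copy_table_name(char *dst, size_t dstsize, const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    while (len < dstsize && src[len] != '\0')  /* never reads past the bound */
        len++;
    if (len == dstsize) {                  /* no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);             /* includes the '\0' */
    return 0;
}

int main(void)
{
    const char *fits = "en-us-g2.ctb";                  /* constructed sample */
    const char *too_long = "tables/very-long-name.ctb"; /* constructed sample */
    char buf[TABLE_BUF_SIZE];

    printf("strncpy terminated (fits):     %d\n", strncpy_terminated(fits));
    printf("strncpy terminated (too long): %d\n", strncpy_terminated(too_long));
    printf("checked copy (fits):           %d\n",
           copy_table_name(buf, sizeof buf, fits));
    printf("checked copy (too long):       %d\n",
           copy_table_name(buf, sizeof buf, too_long));
    return 0;
}
```
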

(In reply to Samuel Thibault from comment #10)
> Created attachment 1347137 [details]
> proposed fix
>
> Hello,
> As mentioned upstream, this is not enough, the strncpy call does not catch
> buffer overflows and missing \0.
> This patch should be fixing it.
> Samuel

* Edited *

Good catch Samuel, thanks! I will request a new CVE for this incomplete fix and link it here when I get it.

New CVE was generated for the incomplete fix: CVE-2017-15101.
https://bugzilla.redhat.com/show_bug.cgi?id=1511023

External References:
https://github.com/liblouis/liblouis/issues/425