Bug 26763

Summary: buffer overflow for m4
Product: [Retired] Red Hat Linux Reporter: Chris Ricker <chris.ricker>
Component: m4Assignee: Florian La Roche <laroche>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard: Florence RC-1
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-02-09 23:07:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Ricker 2001-02-09 00:41:50 UTC 
m4-1.4.1-3

The m4 shipping in beta three is vulnerable to the buffer overflows
currently being discussed on bugtraq

[root@station12 /root]# m4 -G %n
m4: Segmentation fault (core dumped)
[root@station12 /root]# m4 -G %n%n
m4: Segmentation fault (core dumped)
[root@station12 /root]# m4 -G %x  
m4: 80499d9: No such file or directory
[root@station12 /root]# m4 -G %qx
m4: bffff8ec080499d9: No such file or directory
[root@station12 /root]#
Comment 1 Glen Foster 2001-02-09 23:07:21 UTC 
This defect is considered MUST-FIX for Florence Release-Candidate #1
Comment 2 Florian La Roche 2001-02-13 13:32:13 UTC 
I have fied the above one and found another similar case. Both are fixed in the
current rpm.
Thanks for this report.