Bug 367471 (CVE-2007-5197)

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Product: [Other] Security Response
Reporter: Ville Skyttä <ville.skytta>
Component: vulnerability
Assignee: Alexander Larsson <alexl>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: unspecified
CC: fedora-security-list, paul
Target Milestone: ---
Keywords: Patch, Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
Doc Type: Bug Fix
Last Closed: 2007-12-20 12:01:33 UTC
Bug Depends On: 367531, 367541, 367551, 367571
Attachment description | Flags
Patch from Debian | none

Description Ville Skyttä 2007-11-05 21:08:43 UTC

"Buffer overflow in the Mono.Math.BigInteger class in Mono allows
context-dependent attackers to execute arbitrary code via unspecified vectors."

Patch extracted from Debian's patchkit (attached) seems to apply
to in devel with some line offsets; I have done no further analysis.

Comment 1 Ville Skyttä 2007-11-05 21:08:43 UTC
Created attachment 248611
Patch from Debian

Comment 2 Lubomir Kundrak 2007-11-05 21:47:10 UTC
Gentoo also has a patch, maybe a different one

Comment 3 Fedora Update System 2007-11-08 06:01:20 UTC
mono- has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Lubomir Kundrak 2007-11-09 18:16:23 UTC
Alex: I'd urge this a bit. When are f6 and f7 versions likely to hit the
repositories? (I've noticed there was some issue with libs on 64 bit platforms..?)

Comment 5 Fedora Update System 2007-11-09 23:55:05 UTC
mono-1.2.3-5.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.