Bug 367471 (CVE-2007-5197)

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Product: [Other] Security Response
Reporter: Ville Skyttä <ville.skytta>
Component: vulnerability
Assignee: Alexander Larsson <alexl>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: fedora-security-list, paul
Target Milestone: ---
Keywords: Patch, Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2007-12-20 07:01:33 EST
Bug Depends On: 367531, 367541, 367551, 367571    
Bug Blocks:    
Attachment: Patch from Debian (flags: none)

Description Ville Skyttä 2007-11-05 16:08:43 EST

"Buffer overflow in the Mono.Math.BigInteger class in Mono allows
context-dependent attackers to execute arbitrary code via unspecified vectors."

Patch extracted from Debian's patchkit (attached) seems to apply
to in devel with some line offsets, I have done no further analysis.

Comment 1 Ville Skyttä 2007-11-05 16:08:43 EST

Created attachment 248611
Patch from Debian

Comment 2 Lubomir Kundrak 2007-11-05 16:47:10 EST

Gentoo also has a patch, maybe a different one

Comment 3 Fedora Update System 2007-11-08 01:01:20 EST

mono- has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Lubomir Kundrak 2007-11-09 13:16:23 EST

Alex: I'd urge this a bit. When are f6 and f7 versions likely to hit the
repositories? (I've noticed there was some issue with libs on 64 bit platforms..?)

Comment 5 Fedora Update System 2007-11-09 18:55:05 EST

mono-1.2.3-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.