Bug 438382

Summary: CVE-2008-1552 libsilc buffer overflow from PKCS#1 message decoding
Product: [Fedora] Fedora
Reporter: Stu Tomlinson <stu>
Component: libsilc
Assignee: Stu Tomlinson <stu>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: djuran, security-response-team
Keywords: Security
Hardware: All
OS: Linux
URL: http://silcnet.org/docs/release/SILC%20Toolkit%201.1.7
Whiteboard: source=redhat,reported=20080321,public=20080320,impact=moderate
Fixed In Version: libsilc-1.1.7-1.fc9
Doc Type: Bug Fix
Last Closed: 2008-04-08 20:04:46 UTC
Bug Blocks: 440049    

Description Stu Tomlinson 2008-03-20 17:43:33 UTC
Description of problem:

SILC Toolkit contains a possible buffer overflow from PKCS#1 message decoding in
versions earlier than 1.1.7. A specially crafted digital signature can be used to
crash the program.

I plan to update to SILC Toolkit 1.1.7 in rawhide, and backport the patch to
1.0.2 in Fedora 7 & Fedora 8.

Comment 1 Lubomir Kundrak 2008-03-21 14:49:17 UTC
This is public, no need to mark it Security sensitive.
CVE name was requested.

Comment 2 Fedora Update System 2008-03-21 16:56:15 UTC
libsilc-1.0.2-6.fc7 has been submitted as an update for Fedora 7

Comment 3 Fedora Update System 2008-03-21 16:56:16 UTC
libsilc-1.0.2-6.fc8 has been submitted as an update for Fedora 8

Comment 4 Fedora Update System 2008-03-21 22:14:05 UTC
libsilc-1.0.2-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2008-03-21 22:17:34 UTC
libsilc-1.0.2-6.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Lubomir Kundrak 2008-03-24 10:16:09 UTC
This is just a crash, probably caught by FORTIFY_SOURCE. No arbitrary code
execution possible.

Comment 7 David Juran 2008-03-25 09:23:11 UTC
Somehow libsilc-1.0.2-6.fc8 doesn't seem to have made it into F8...

Comment 8 Lubomir Kundrak 2008-04-08 20:00:04 UTC
Final Freeze is in effect now. Security fixes almost certainly warrant a freeze
break, so in case you build a fix for this, mail release engineering as
described here: [2]

[1] https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00007.html
[2] http://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy

Thanks!

Comment 9 Stu Tomlinson 2008-04-08 20:04:46 UTC
The fix for this is in libsilc-1.1.7-1, which has been in rawhide for a while
now. The updates for Fedora 7 and Fedora 8 have already gone out too.