Bug 453764 (CVE-2008-2927)
| Summary: | CVE-2008-2927 pidgin MSN integer overflow | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Josh Bressers <bressers> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | unspecified | CC: | kreilly, security-response-team, vdanen, wtogami | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-06-09 07:14:17 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 453765, 453766, 453767, 453768, 453769, 833956 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Josh Bressers
2008-07-02 13:14:49 UTC
Created attachment 310788 [details]
Proposed upstream patch
#
#
# patch "libpurple/protocols/msnp9/slplink.c"
# from [0148f31961bbe4a9a992377e70db082952505db4]
# to [f65596ea173bf7c9c1114edd7599140f470e7788]
#
============================================================
--- libpurple/protocols/msnp9/slplink.c 0148f31961bbe4a9a992377e70db082952505db4
+++ libpurple/protocols/msnp9/slplink.c f65596ea173bf7c9c1114edd7599140f470e7788
@@ -597,7 +597,7 @@ msn_slplink_process_msg(MsnSlpLink *slpl
}
else if (slpmsg->size)
{
- if ((offset + len) > slpmsg->size)
+ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
{
purple_debug_error("msn", "Oversized slpmsg\n");
g_return_if_reached();
For reference, this is the upstream patch that went into 2.4.3. I need to
backport this for pidgin-2.3.1 in RHEL4 and RHEL5, and pidgin-1.5.x in RHEL3.
I'm making this bug public in order to avoid creating confusion. Upstream advisory: http://www.pidgin.im/news/security/?id=25 Fixed upstream in: 2.4.3 This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0584.html Fedora: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-5597 https://admin.fedoraproject.org/updates/F11/FEDORA-2009-5583 https://admin.fedoraproject.org/updates/F9/FEDORA-2009-5552 |