Bug 490667 (CVE-2004-2541, CVE-2009-0148)
Summary: | CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | Severity: | medium
Priority: | medium | Version: | unspecified
CC: | kreilly, mjc, nhorman, security-response-team, vdanen | Keywords: | Security
Hardware: | All | OS: | Linux
Doc Type: | Bug Fix | Last Closed: | 2010-11-04 14:44:34 UTC
Bug Depends On: | 499197, 499198, 499199, 499200, 499201, 505605, 833883 | |

Description
Tomas Hoger
2009-03-17 15:12:32 UTC
Fixed upstream in 15.7a:
http://sourceforge.net/forum/forum.php?forum_id=947983

Upstream commits:
http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015K-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015C-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs

This CVE is a duplicate / re-occurrence of the old issue CVE-2004-2541:

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

It seems the original issue was not completely fixed upstream previously.

Created attachment 342619
Original Debian patch for CVE-2004-2541

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2009:1102 https://rhn.redhat.com/errata/RHSA-2009-1102.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 4

Red Hat Enterprise Linux 3

Via RHSA-2009:1101 https://rhn.redhat.com/errata/RHSA-2009-1101.html