Bug 729146
Summary: | CVE-2011-2900 mongoose: stack-based buffer overflow flaw in put_dir() [fedora-all] | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Vincent Danen <vdanen> | ||||
Component: | mongoose | Assignee: | Rafael Aquini <aquini> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 15 | CC: | aquini | ||||
Target Milestone: | --- | Keywords: | Security, SecurityTracking | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | mongoose-2.8-7.el6 | Doc Type: | Release Note | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-09-07 03:29:21 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 729145 | ||||||
Attachments: |
|
Description
Vincent Danen
2011-08-08 20:23:24 UTC
Created attachment 520187 [details] patch to fix CVE-2011-2900 This patch address a fix for CVE-2011-2900, and it is an excerpt from upstream commit 556f4de91eae https://code.google.com/p/mongoose/source/diff?spec=svn556f4de91eae4bac40dc5d4ddbd9ec7c424711d0&r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0&format=side&path=/mongoose.c --Aquini mongoose-3.0-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc14 mongoose-3.0-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc15 mongoose-3.0-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc16 Package mongoose-3.0-2.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mongoose-3.0-2.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc16 then log in and leave karma (feedback). mongoose-2.8-7.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/mongoose-2.8-7.el5 mongoose-2.8-7.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mongoose-2.8-7.el6 mongoose-3.0-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. mongoose-3.0-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. mongoose-3.0-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. mongoose-2.8-7.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. mongoose-2.8-7.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |