Bug 729146
| Summary: | CVE-2011-2900 mongoose: stack-based buffer overflow flaw in put_dir() [fedora-all] | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Vincent Danen <vdanen> | ||||
| Component: | mongoose | Assignee: | Rafael Aquini <aquini> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 15 | CC: | aquini | ||||
| Target Milestone: | --- | Keywords: | Security, SecurityTracking | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | mongoose-2.8-7.el6 | Doc Type: | Release Note | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-09-07 03:29:21 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 729145 | ||||||
| Attachments: |
|
||||||
|
Description
Vincent Danen
2011-08-08 20:23:24 UTC
Created attachment 520187 [details] patch to fix CVE-2011-2900 This patch address a fix for CVE-2011-2900, and it is an excerpt from upstream commit 556f4de91eae https://code.google.com/p/mongoose/source/diff?spec=svn556f4de91eae4bac40dc5d4ddbd9ec7c424711d0&r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0&format=side&path=/mongoose.c --Aquini mongoose-3.0-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc14 mongoose-3.0-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc15 mongoose-3.0-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc16 Package mongoose-3.0-2.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mongoose-3.0-2.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/mongoose-3.0-2.fc16 then log in and leave karma (feedback). mongoose-2.8-7.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/mongoose-2.8-7.el5 mongoose-2.8-7.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/mongoose-2.8-7.el6 mongoose-3.0-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. mongoose-3.0-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. mongoose-3.0-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. mongoose-2.8-7.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. mongoose-2.8-7.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. |