Chicken, a compiler for the Scheme programming language, was found to have a buffer overrun flaw in the read-string! procedure from the "extras" unit when it is used in a particular way. A check was missing for the case where NUM, the buffer size argument, is #f (the Scheme value for false); in that case the procedure reads beyond the buffer until the input port is exhausted. This may result in a DoS or remote code execution.

Though currently all stable releases are vulnerable to this flaw, there is a simple workaround for code that uses read-string!: convert all (read-string! #f buf ...) invocations to (read-string! (string-length buf) buf ...) or, if possible, use the non-destructive read-string procedure from the same unit.

References:
http://seclists.org/oss-sec/2013/q3/677
http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724740
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
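An added example, not part of the original report or of the CHICKEN project: a small Python scanner that audits Scheme sources for read-string! calls whose NUM argument is the literal #f, the pattern the workaround above targets. The function names and the sample input are constructed for illustration; it catches only a literal #f, not a variable that evaluates to #f at run time.

```python
import re

# Char literals are matched first so that #\; and #\" are not mistaken for
# the start of a comment or string; they are kept, everything else is blanked.
_SKIP = re.compile(r'#\\.|#\|.*?\|#|"(?:\\.|[^"\\])*"|;[^\n]*', re.DOTALL)
# (read-string! #f BUF ...): NUM is the literal #f; BUF is captured only
# when it is a plain identifier.
_CALL = re.compile(r'\(\s*read-string!\s+#f(?![^\s()])\s*([^\s()#\'`,"]+)?')

def _mask(src):
    """Blank out comments and string literals, keeping offsets and newlines."""
    def blank(m):
        text = m.group()
        return text if text.startswith('#\\') else re.sub(r'[^\n]', ' ', text)
    return _SKIP.sub(blank, src)

def find_unbounded_reads(src):
    """Return (line, buffer, suggestion) for each (read-string! #f ...) call."""
    findings = []
    masked = _mask(src)
    for m in _CALL.finditer(masked):
        line = masked.count('\n', 0, m.start()) + 1
        buf = m.group(1)
        if buf:
            fix = '(read-string! (string-length %s) %s ...)' % (buf, buf)
        else:
            # Buffer is an expression: bind it once before applying the
            # workaround so it is not evaluated twice.
            fix = 'bind the buffer with let, then pass (string-length buf)'
        findings.append((line, buf, fix))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
(define buf (make-string 64))
(read-string! #f buf port)            ; flagged
(read-string! (string-length buf) buf port)
; (read-string! #f buf) in a comment is ignored
(display "(read-string! #f buf)")
(read-string!
   #f (vector-ref bufs 0) port)       ; flagged, needs manual rewrite
'''

if __name__ == '__main__':
    for line, buf, fix in find_unbounded_reads(SAMPLE):
        print('line %d: NUM is #f -> %s' % (line, fix))
```
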
Created chicken tracking bugs for this issue:

Affects: fedora-all [bug 1012977]
Affects: epel-6 [bug 1012979]
chicken-4.8.0.4-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.