Bug 114310 - CAN-2004-0097 PWlib/OpenH323 vulnerabilities
CAN-2004-0097 PWlib/OpenH323 vulnerabilities
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: pwlib (Show other bugs)
1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Alexander Larsson
http://www.postincrement.com/openh323...
: Security
: 115563 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-01-26 10:15 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-03-15 06:37:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2004-01-26 10:15:02 EST
Vulnerabilities in PWLib were found after running the NISCC OpenH323
test suite.

"Of the nearly 4500 tests in the suite, OpenH323 failed two of them,
which took three lines of code to fix. These pointed out several other
potential problems as well, so the total changes were about 20 lines." 

Fix:
http://cvs.sourceforge.net/viewcvs.py/openh323/pwlib/src/ptclib/asnper.cxx?r1=1.8&r2=1.6

CVE applied for (should be one name)
Comment 1 Alexander Larsson 2004-01-27 06:06:03 EST
I think this requires changes that are slightly different than the
ones the RHL9/AS needed, since its a slightly later version. Maybe we
should upgrade to the fixed version?
Comment 2 Mark J. Cox (Product Security) 2004-02-17 08:36:07 EST
*** Bug 115563 has been marked as a duplicate of this bug. ***
Comment 3 Leonard den Ottolander 2004-02-17 15:55:42 EST
As the patch from RHL 9 applies cleanly and the fix you applied seems
correct I don't see any reason to change the patch for use with FC1.
1.4.7 and 1.5.0 don't appear that much different at first sight.
Comment 4 Alexander Larsson 2004-02-20 07:06:30 EST
the test-update is out

Note You need to log in before you can comment on or make changes to this bug.