Bug 1199049 (CVE-2015-2675) - CVE-2015-2675 rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url
Summary: CVE-2015-2675 rest: memory corruption when using oauth because of implicit de...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-2675
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20140903,reported=2...
Depends On: 1183982 1204682 1249682
Blocks: 1199051 1210268
TreeView+ depends on / blocked
 
Reported: 2015-03-05 11:53 UTC by Vasyl Kaigorodov
Modified: 2019-06-08 20:28 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library.
Clone Of:
Environment:
Last Closed: 2015-11-20 05:28:25 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2237 normal SHIPPED_LIVE Low: rest security update 2015-11-19 09:00:16 UTC

Description Vasyl Kaigorodov 2015-03-05 11:53:29 UTC
It was reported [1] that the OAuth implementation in librest, a helper library for RESTful services part of the GNOME project, incorrectly truncates the pointer returned by the rest_proxy_call_get_url function call, leading to an application crash, or worse.

Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1183982

Comment 1 Vasyl Kaigorodov 2015-03-23 11:13:07 UTC
Created rest tracking bugs for this issue:

Affects: fedora-all [bug 1204682]

Comment 3 Peter Robinson 2015-10-04 02:42:28 UTC
Vasyl: why is this a bug in Fedora?

The commit referenced landed upstream in September 2015, we're running 0.7.93 across all current Fedora releases (21 ->24) which was released with the fix in March 2015. It's also referenced in comment 2 [1] in the upstream bug that this was fixed upstream

[1] https://bugzilla.gnome.org/show_bug.cgi?id=742644#c2

Comment 4 Vasyl Kaigorodov 2015-10-05 11:25:14 UTC
(In reply to Peter Robinson from comment #3)
> Vasyl: why is this a bug in Fedora?
> 
> The commit referenced landed upstream in September 2015, we're running
> 0.7.93 across all current Fedora releases (21 ->24) which was released with
> the fix in March 2015. It's also referenced in comment 2 [1] in the upstream
> bug that this was fixed upstream
> 
> [1] https://bugzilla.gnome.org/show_bug.cgi?id=742644#c2

Peter, it was an issue for Fedora when this flaw bug was filed, see https://bugzilla.redhat.com/show_bug.cgi?id=1204682 (Fedora security tracker bug for this issue).
I.e. - Fedora was affected, the problem was resolved in BZ 1204682, no further actions required from Fedora side.
Hope this answers your question.

Comment 5 Peter Robinson 2015-10-05 13:37:26 UTC
Not sure why I only just got alerts then, all of the emails dated a few days ago, didn't take note of the dates in the actual BZ bits above

Comment 6 Siddharth Sharma 2015-10-05 13:51:29 UTC
(In reply to Peter Robinson from comment #5)
> Not sure why I only just got alerts then, all of the emails dated a few days
> ago, didn't take note of the dates in the actual BZ bits above

Hi Peter,

CVE/Flaw bugs are not supposed to be closed until all affected products are fixed. May be you wanted to close bug that was opened for Fedora.

Comment 7 Peter Robinson 2015-10-05 14:00:22 UTC
> CVE/Flaw bugs are not supposed to be closed until all affected products are
> fixed. May be you wanted to close bug that was opened for Fedora.

Close what ever ones you want, it's not a problem in Fedora.

Comment 8 errata-xmlrpc 2015-11-19 08:33:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2237 https://rhn.redhat.com/errata/RHSA-2015-2237.html


Note You need to log in before you can comment on or make changes to this bug.