Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1478373 - (CVE-2017-7555) CVE-2017-7555 augeas: Improper handling of escaped strings leading to memory corruption
CVE-2017-7555 augeas: Improper handling of escaped strings leading to memory ...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20170817,repo...
: Security
Depends On: 1475621 1481545 1481546 1482340 1483825 1483826 1483913
Blocks: 1478377
  Show dependency treegraph
 
Reported: 2017-08-04 09:07 EDT by Adam Mariš
Modified: 2017-09-25 20:21 EDT (History)
29 users (show)

See Also:
Fixed In Version: augeas 1.8.1
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-09-25 20:21:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Github hercules-team/augeas/pull/480 None None None 2017-08-31 09:01 EDT
Red Hat Product Errata RHSA-2017:2788 normal SHIPPED_LIVE Important: augeas security update 2017-09-21 11:36:59 EDT

  None (edit)
Description Adam Mariš 2017-08-04 09:07:59 EDT 
It was found that augeas does incorrect escaping in aug_escape_name() function causing denial-of-service.

Product bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1475621
Comment 1 Adam Mariš 2017-08-04 09:08:09 EDT 
Acknowledgments:

Name: Han Han (Red Hat)
Comment 2 Doran Moppert 2017-08-10 03:33:34 EDT 
Upstream patch:

https://github.com/hercules-team/augeas/pull/480
Comment 7 Doran Moppert 2017-08-17 00:50:40 EDT 
Since the patch is already public, going for immediate disclosure on this.  Rated as Important due to exposure in libvirtd.

The above patch includes good test coverage, so no further test/repro is required for QE.
Comment 8 Doran Moppert 2017-08-17 00:51:18 EDT 
Created augeas tracking bugs for this issue:

Affects: fedora-all [bug 1482340]
Comment 9 Doran Moppert 2017-08-17 22:30:50 EDT 
Upstream release 1.8.1 contains the fix for this issue:

https://github.com/hercules-team/augeas/releases/tag/release-1.8.1

Tarball available from:

http://download.augeas.net/
Comment 13 errata-xmlrpc 2017-09-21 07:37:41 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2788 https://access.redhat.com/errata/RHSA-2017:2788
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.