Bug 438382 - CVE-2008-1552 libsilc buffer overflow from PKCS#1 message decoding
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: libsilc
rawhide
All Linux
low Severity low
Assigned To: Stu Tomlinson
Fedora Extras Quality Assurance
http://silcnet.org/docs/release/SILC%...
source=redhat,reported=20080321,publi...
: Security
Blocks: CVE-2008-1552
Reported: 2008-03-20 13:43 EDT by Stu Tomlinson
Modified: 2008-04-08 16:04 EDT
Fixed In Version: libsilc-1.1.7-1.fc9
Doc Type: Bug Fix
Last Closed: 2008-04-08 16:04:46 EDT

Description Stu Tomlinson 2008-03-20 13:43:33 EDT
Description of problem:

SILC Toolkit contains a possible buffer overflow from PKCS#1 message decoding in
versions earlier than 1.1.7. A specially crafted digital signature can be used to
crash the program.

I plan to update to SILC Toolkit 1.1.7 in rawhide, and backport the patch to
1.0.2 in Fedora 7 & Fedora 8.
Comment 1 Lubomir Kundrak 2008-03-21 10:49:17 EDT
This is public, no need to mark it Security sensitive.
CVE name was requested.
Comment 2 Fedora Update System 2008-03-21 12:56:15 EDT
libsilc-1.0.2-6.fc7 has been submitted as an update for Fedora 7
Comment 3 Fedora Update System 2008-03-21 12:56:16 EDT
libsilc-1.0.2-6.fc8 has been submitted as an update for Fedora 8
Comment 4 Fedora Update System 2008-03-21 18:14:05 EDT
libsilc-1.0.2-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2008-03-21 18:17:34 EDT
libsilc-1.0.2-6.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Lubomir Kundrak 2008-03-24 06:16:09 EDT
This is just a crash, probably caught by FORTIFY_SOURCE. No arbitrary code
execution possible.
Comment 7 David Juran 2008-03-25 05:23:11 EDT
Somehow libsilc-1.0.2-6.fc8 doesn't seem to have made it into F8...
Comment 8 Lubomir Kundrak 2008-04-08 16:00:04 EDT
Final Freeze is in effect now. Security fixes almost certainly warrant a freeze
break, so in case you build a fix for this, mail release engineering as
described here: [2]

[1] https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00007.html
[2] http://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy

Thanks!
Comment 9 Stu Tomlinson 2008-04-08 16:04:46 EDT
The fix for this is in libsilc-1.1.7-1, which has been in rawhide for a while
now. The updates for Fedora 7 and Fedora 8 have already gone out too.
