875181 – (CVE-2012-5854) CVE-2012-5854 weechat: Heap-based buffer overflow when decoding IRC colors

Bug 875181 (CVE-2012-5854) - CVE-2012-5854 weechat: Heap-based buffer overflow when decoding IRC colors

Summary: CVE-2012-5854 weechat: Heap-based buffer overflow when decoding IRC colors

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-5854
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-11-09 17:32 UTC by Florent Le Coz
Modified:	2019-09-29 12:57 UTC (History)
CC List:	5 users (show)
Fixed In Version:	weechat 0.3.9.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-03-21 09:32:45 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNU Savannah	37704	0	None	None	None	2012-11-09 17:32:45 UTC

Description Florent Le Coz 2012-11-09 17:32:45 UTC

A buffer overflow can be exploited using IRC colors.

The bug is fixed upstream: 
http://git.savannah.gnu.org/cgit/weechat.git/patch/?id=9453e81baa7935db82a0b765a47cba772aba730d

A 0.3.9.1 version is said to be released in the next few hours, but fedora 17 does include only version 0.3.8.

That fix should be backported to the version in the repository since this is a security issue.

Comment 1 Fedora Update System 2012-11-09 22:20:49 UTC

weechat-0.3.8-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/weechat-0.3.8-3.el6

Comment 2 Jan Lieskovsky 2012-11-10 12:25:21 UTC

Other references:
[1] http://weechat.org/
[2] http://weechat.org/security/

Relevant upstream patch:
[3] http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff;h=9453e81baa7935db82a0b765a47cba772aba730d

Comment 3 Jan Lieskovsky 2012-11-10 12:35:44 UTC

CVE Request:
[4] http://www.openwall.com/lists/oss-security/2012/11/10/4

Comment 4 Jan Lieskovsky 2012-11-10 12:41:03 UTC

The following updates have been scheduled to correct this issue:
1) weechat-0.3.8-3.el6 for Fedora EPEL 6 version,
2) weechat-0.3.8-3.fc16 for Fedora 16 version,
3) weechat-0.3.8-3.fc17 for Fedora 17 version,
4) weechat-0.3.8-3.fc18 for upcoming Fedora 18 version,
5) weechat-0.3.8-3.fc19 for Rawhide.

This issue did NOT affect the version of the weechat package, as shipped with Fedora EPEL 5 (weechat-0.2.6-1.el5 currently), as it did NOT contain vulnerable source code part yet.

Comment 5 Paul P Komkoff Jr 2012-11-10 14:52:19 UTC

Thanks, Jan. I was interrupted mid-building f16, didn't have a chance to push out the update until now.

Comment 6 Jan Lieskovsky 2012-11-12 11:11:00 UTC

(In reply to comment #5)
> Thanks, Jan. I was interrupted mid-building f16, didn't have a chance to
> push out the update until now.

No problem, Paul. Thank you for scheduling the builds (I will update this bug with CVE id yet once it got assigned).

Comment 7 Jan Lieskovsky 2012-11-12 17:45:06 UTC

The CVE identifier of CVE-2012-5854 has been assigned to this issue:
  http://www.openwall.com/lists/oss-security/2012/11/12/2

Comment 8 Vincent Danen 2012-11-13 17:13:44 UTC

The upstream bug:

https://savannah.nongnu.org/bugs/?37704

Also, please do not set these CVE bugs to MODIFIED state; they should remain as NEW until they are fixed.  Thanks.

Comment 9 Fedora Update System 2012-11-14 02:11:05 UTC

weechat-0.3.8-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2012-11-19 02:18:43 UTC

weechat-0.3.8-3.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-11-19 02:32:05 UTC

weechat-0.3.8-3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2012-12-11 01:26:17 UTC

weechat-0.3.9.2-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2012-12-11 09:18:24 UTC

weechat-0.3.9.2-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2012-12-12 00:13:36 UTC

weechat-0.3.9.2-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2012-12-19 18:34:58 UTC

weechat-0.3.9.2-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Peter Borsa 2013-03-21 06:50:01 UTC

Jan, Vincent,

can we close this issue because weechat 0.4.0 is in the stable repositories?

Comment 17 Jan Lieskovsky 2013-03-21 09:32:45 UTC

(In reply to comment #16)
> Jan, Vincent,
> 
> can we close this issue because weechat 0.4.0 is in the stable repositories?

Thank you for checking, Peter, I have verified this if corrected in all weechat packages across Fedora EPEL-5, Fedora EPEL-6, Fedora release of 17, and 18 products.

So yes, this one can be closed safely.

Regards, Jan.

Note You need to log in before you can comment on or make changes to this bug.