Dia format string vulnerabilities (new)
by Hans de Goede
Hi all,
A format string vulnerability in dia was reported in CVE-2006-2480, this
has led me to take a closer look at the use of format strings in dia.
Yesterday I checked all the uses of:
dia's message* funcs
g_print
g_message
g_warning
dia_assert_true
And reported my findings to John Bressers (from RedHat) and Stanislav
Brabec <sbrabec(a)suse.cz>. John has assigned CVE-2006-2453 for the
additional problems I found.
This morning I also checked (and found issues and fixed) all the uses of:
gtk_message_dialog_new
gtk_message_dialog_format_secondary_text
g_error
I've attached a patch fixing all issues I found. New as of this morning
are the changes / fixes to:
app/display.c
app/filedlg.c
Regards,
Hans
p.s.
There could still be other vararg printf like functions in dia which I
didn't check. I'm in no way claiming this work is complete. With that
said I'm not planning on doing any more auditing for printf like
functions in dia in the near future.
17 years, 10 months
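As an added illustration of the bug class audited in the message above (this is not code from dia or from the patch Hans attached): the hypothetical wrapper dia_style_message() stands in for dia's message*() helpers, and the untrusted filename is constructed for the example. The format attribute lets GCC/Clang reject a non-literal format at compile time with -Wformat-security, so the same check can be applied to every vararg printf-like function found in an audit like the one described.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for dia's message*() helpers (not dia's real API).
   The attribute tells the compiler this is a printf-style function, so it
   checks argument types against the format and, with -Wformat-security,
   warns when a non-literal string is passed as the format. */
__attribute__((format(printf, 3, 4)))
int dia_style_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Constructed untrusted input: a filename that happens to contain
   printf conversion directives. */
static const char *untrusted_name = "diagram %s %n.dia";

/* Correct usage: the untrusted text travels as an argument, the format is
   a literal.  The vulnerable pattern the audit looked for is
       dia_style_message(out, outlen, name);
   where the attacker-controlled string itself becomes the format; with the
   attribute above the compiler flags that line. */
int report_open_failure(char *out, size_t outlen, const char *name)
{
    return dia_style_message(out, outlen, "Couldn't open %s", name);
}

/* Returns 1 if the untrusted bytes were copied through verbatim, i.e. the
   directives inside them were treated as data, not interpreted. */
int message_preserves_input(void)
{
    char buf[128];
    report_open_failure(buf, sizeof buf, untrusted_name);
    return strstr(buf, untrusted_name) != NULL;
}

/* Cheap review aid: does a string that is about to be used as a format
   carry any conversion directive?  A "%%" pair is a literal percent sign. */
int contains_format_directive(const char *s)
{
    for (; *s; s++) {
        if (s[0] == '%' && s[1] == '%') { s++; continue; }
        if (s[0] == '%') return 1;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    report_open_failure(buf, sizeof buf, untrusted_name);
    printf("%s\n", buf);
    printf("directive in input: %d\n", contains_format_directive(untrusted_name));
    return 0;
}
```

Compile with -Wformat -Wformat-security to see the wrapper's attribute do its work; the same attribute (G_GNUC_PRINTF in GLib) is what makes g_print, g_warning and friends checkable in a tree-wide audit.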
Fedora Extras 3
by Dennis Gilmore
Hey all, I added a file for tracking FE3. Please also fill this in when
adding CVEs. I copied the fe4 file and went through it; there are some issues
to be fixed in FE3. I've fixed some of them and marked some as needing fixing.
I have removed issues for packages not in FE3 cvs tree.
We have under a month to get FE3 up to scratch or support will be turned
off. I would like to see security only support for FE3 until legacy drops
support.
--
Dennis Gilmore, RHCE
Proud Australian
17 years, 10 months
cyrus-sasl pop3 buffer overflow
by Josh Bressers
I ran across this:
http://marc.theaimsgroup.com/?l=full-disclosure&m=114821239014171&w=2
The popsubfolders option seems to have been added after 2.3, FC5 may be
affected.
I ran the exploit against a copy of FC5, I got this in the log file:
May 21 20:26:51 bowser pop3[5075]: buffer overflow while canonicalizing
If someone who knows cyrus-imapd a little better could take a look at this
it would be appreciated. It's possible this is a 2.3.2 only issue (we ship
2.3.1 in FC5).
If nobody else gets to this, I'll try to take a better look tomorrow.
--
JB
17 years, 10 months
[Bug 191491] need to be able to cc bugs to fedora-security-list (fwd)
by Chris Ricker
ave has added an account for fedora-security-list(a)redhat.com to
Bugzilla, so you can now CC security-related bugs to that address
later,
chris
---------- Forwarded message ----------
Date: Wed, 17 May 2006 10:04:27 -0400
From: bugzilla(a)redhat.com
To: kaboom(a)oobleck.net
Subject: [Bug 191491] need to be able to cc bugs to fedora-security-list
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: need to be able to cc bugs to fedora-security-list
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191491
------- Additional Comments From dkl(a)redhat.com 2006-05-17 10:04 EST -------
fedora-security-list(a)redhat.com user has been added. I will mail the password
for that account to you in private email. The user can now be added to the Cc
list of bug reports.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
17 years, 10 months
CVE-2006 entries added
by Chris Ricker
FYI, I did a very simple and dumb (my specialty!) comparison of all the
packages in the FE5 CVS tree with the CVE-2006-* database
A couple of the packages I don't have time to enter right now (seamonkey
being the real biggie) but for the ones I had time to get to, I've updated
the fe4 and fe5 lists in CVS and filed bugzillas for a couple of packages
that appear to have unresolved vulnerabilities. Overall Fedora Extras
looked pretty good....
Packages which at least match between FE4 / FE5 and CVE-2006* that I've
not looked into fully yet:
bsd-games
clamav
nethack
seamonkey
wine
I'll get to them later in the week
Do people see a need to extend this back any further, or is CVE-2006 a
good line to draw as a beginning for when we track CVE?
later,
chris
17 years, 10 months