Bug#: 232005
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Attachment: yacc-skeleton.c-CVE-2008-3196.patch (type: patch, size: 1.15 KB), created by Robert Buchholz, 2008-07-16 21:55 0000

Description:   Opened: 2008-07-16 21:20 0000
CVE-2008-3196 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3196):
  skeleton.c in yacc does not properly handle reduction of a rule with an empty
  right hand side, which allows context-dependent attackers to cause an
  out-of-bounds stack access when the yacc stack pointer points to the end of
  the stack.
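
A model of the condition described above, as an added example that is not part of the bug report or the attached patch. It assumes the access in question is the skeleton's default action `$$ = $1`, read as `vsp[1 - len]`, which for an empty rule (len 0) is one slot above the stack pointer; the function names, the 4-slot stack and the zero-fill guard are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

typedef int YYSTYPE;              /* semantic value type (constructed) */
#define STACK_SLOTS 4             /* tiny constructed stack so the last slot is easy to reach */

/* Slot an unguarded default action "$$ = $1", i.e. vsp[1 - len], would read.
 * len is the number of right-hand-side symbols of the rule being reduced. */
static ptrdiff_t default_value_slot(const YYSTYPE *base, const YYSTYPE *vsp, int len)
{
    return (vsp - base) + 1 - len;
}

static int slot_in_bounds(ptrdiff_t slot)
{
    return slot >= 0 && slot < STACK_SLOTS;
}

/* Guarded form (assumed, for illustration): an empty rule has no $1, so give
 * $$ a defined zero value instead of reading past the top of the stack.
 * Returns 0 on success, -1 if len is negative or exceeds the stack depth. */
static int reduce_default_value(const YYSTYPE *base, const YYSTYPE *vsp, int len, YYSTYPE *out)
{
    ptrdiff_t depth = vsp - base + 1;      /* values currently on the stack */
    if (len < 0 || len > depth)
        return -1;
    if (len == 0)
        memset(out, 0, sizeof *out);
    else
        *out = vsp[1 - len];
    return 0;
}

/* Constructed scenario: value stack full, pointer at the last slot, empty rule. */
static int demo_unguarded_slot_for_empty_rule(void)
{
    YYSTYPE stack[STACK_SLOTS] = {10, 20, 30, 40};
    return (int)default_value_slot(stack, &stack[STACK_SLOTS - 1], 0);
}

int main(void)
{
    YYSTYPE stack[STACK_SLOTS] = {10, 20, 30, 40}, val = -1;
    int slot = demo_unguarded_slot_for_empty_rule();
    int rc = reduce_default_value(stack, &stack[STACK_SLOTS - 1], 0, &val);
    return (slot_in_bounds(slot) || rc != 0 || val != 0) ? 1 : 0;
}
```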

------- Comment #1 From Robert Buchholz 2008-07-16 21:22:40 0000 -------
OpenBSD Patch:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&r2=1.29

------- Comment #2 From Robert Buchholz 2008-07-16 21:30:23 0000 -------
This might also affect
 dev-util/byacc
 dev-util/btyacc
 sys-freebsd/freebsd-ubin
 dev-lang/ocaml

------- Comment #3 From Robert Buchholz 2008-07-16 21:55:49 0000 -------
Created an attachment (id=160604)
yacc-skeleton.c-CVE-2008-3196.patch

------- Comment #4 From Robert Buchholz 2008-07-16 21:57:57 0000 -------
ocaml was a false positive

------- Comment #5 From Robert Buchholz 2008-07-16 22:03:54 0000 -------
same for btyacc.
byacc is affected, so we have two maintainer-needed packages for this.

Since yacc input should be trusted input anyway (it will create code to be
run), I am tempted to call this a non-issue.

------- Comment #6 From Robert Buchholz 2008-10-04 18:57:54 0000 -------
I have bumped the two packages, let's stable this on 2008-10-11 if no bugs pop
up.

------- Comment #7 From Robert Buchholz 2008-10-22 19:14:54 0000 -------
Arches, please test and mark stable:
=dev-util/yacc-1.9.1-r4
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

=dev-util/byacc-1.9-r2
Target keywords : "alpha amd64 ia64 ppc ppc64 s390 sparc x86"

------- Comment #8 From Ferris McCormick 2008-10-22 19:41:58 0000 -------
Sparc stable for yacc-1.9.1-r4 and byacc-1.9-r2.  I also fixed a couple quoting
problems ${FILESDIR} --> "${FILESDIR}" in byacc-1.9-r2 (I didn't bother with
-1.9 or 1-9-r1).

Curious that even though yacc is part of the original Unix, I think, it still
does not come with a test phase.

------- Comment #9 From Markus Meier 2008-10-23 18:23:48 0000 -------
amd64/x86 stable

------- Comment #10 From Tobias Scherbaum 2008-10-23 18:34:32 0000 -------
ppc stable

------- Comment #11 From Raúl Porcel 2008-10-24 09:05:09 0000 -------
alpha/ia64 stable

------- Comment #12 From Jeroen Roovers 2008-10-24 21:52:42 0000 -------
Stable for HPPA.

------- Comment #13 From Brent Baude 2008-10-27 20:04:55 0000 -------
ppc64 done

------- Comment #14 From Tobias Heinlein 2008-11-05 08:49:03 0000 -------
Ready for vote, I vote NO.

------- Comment #15 From Pierre-Yves Rofes 2008-11-05 11:23:14 0000 -------
voting NO too and closing.
