Bug 193095 - net-libs/opal <2.2.11 dev-libs/pwlib: Two DoS vulnerabilitues in Ekiga (CVE-2007-{4897,4924})
Bug#: 193095 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL:  http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
Summary: net-libs/opal <2.2.11 dev-libs/pwlib: Two DoS vulnerabilitues in Ekiga (CVE-2007-{4897,4924})
Keywords:  
Status Whiteboard: B3 [noglsa]
Opened: 2007-09-19 17:13 0000
Description:   Opened: 2007-09-19 17:13 0000 
From RedHat:
  José Miguel Esparza discovered that insufficient input validation is
  performed on SIP protocol header field 'Content-Length' by opal library
  used by ekiga. This flaw can be used to write '\0' byte to
  attacker-controlled address and crash ekiga.  Ekiga 2.0.10 using opal
  library 2.2.10 was released to address this issue.

I am not aware whether the versions in our tree are affected, the patch linked
to at the RedHat bug references a code that is not in in opal-2.2.8.
( https://bugzilla.redhat.com/296371 )

------- Comment #1 From Robert Buchholz 2007-09-19 17:14:52 0000 ------- 
Whiteboard and cc'ing maintainers.

voip, please advise and patch as necessary.

------- Comment #2 From Robert Buchholz 2007-09-24 22:10:32 0000 ------- 
voip, please advise.

------- Comment #3 From Jakub Moc (RETIRED) 2007-10-01 19:37:50 0000 ------- 
*** Bug 194434 has been marked as a duplicate of this bug. ***

------- Comment #4 From Robert Buchholz 2007-10-02 08:02:25 0000 ------- 
voip, please advise.

------- Comment #5 From Jakub Moc (RETIRED) 2007-10-08 08:08:08 0000 ------- 
*** Bug 195068 has been marked as a duplicate of this bug. ***

------- Comment #6 From Martin Capitanio 2007-10-08 08:47:15 0000 ------- 
(In reply to comment #5)
> *** Bug 195068 has been marked as a duplicate of this bug. ***
> 
that is not "a duplicate of this bug", but actually a small patch
and ebuild bump for ekiga-2.0.11

(Jakube, as http://bugs.gentoo.org/buglist.cgi?quicksearch=%23ekiga
does't list it, nobody can probably find it.)

------- Comment #7 From Christian Faulhammer 2007-10-08 15:36:45 0000 ------- 
2.0.11 for both are in the tree

------- Comment #8 From Robert Buchholz 2007-10-08 22:08:53 0000 ------- 
Created an attachment (id=132965) [details]
pwlib-1.10.1-vsprintf.patch

RedHat issued a pwlib advisory for CVE-2007-4897. The CVE info states that
Ekiga after 2.0.5 is not affected, which is false according to their bug.
https://bugzilla.redhat.com/292831

I'll attach the patch that was also applied to pwlib upstream, we should
include this. Sorry I didn't notice earlier.

------- Comment #9 From Robert Buchholz 2007-10-09 21:17:57 0000 ------- 
updated pwlib is in the tree now.

Arches, please test and mark stable:
* dev-libs/pwlib-1.10.10-r1
* net-libs/opal-2.2.6
* net-im/ekiga-2.0.11

Targets are: "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

Please also test that the new pwlib also works with its other rrdeps.

------- Comment #10 From Christian Faulhammer 2007-10-10 05:57:53 0000 ------- 
(In reply to comment #9)
> Arches, please test and mark stable:
> * net-libs/opal-2.2.6

 I think you mean opal 2.2.11?

------- Comment #11 From Christian Faulhammer 2007-10-10 08:11:44 0000 ------- 
x86 stable

------- Comment #12 From Robert Buchholz 2007-10-10 08:39:17 0000 ------- 
(In reply to comment #10)
> (In reply to comment #9)
> > Arches, please test and mark stable:
> > * net-libs/opal-2.2.6
> 
>  I think you mean opal 2.2.11?

Yes, my bad.

------- Comment #13 From Jeroen Roovers 2007-10-10 16:55:57 0000 ------- 
Stable for HPPA.

------- Comment #14 From Mike Doty 2007-10-11 07:07:28 0000 ------- 
* dev-libs/pwlib-1.10.10-r1
* net-libs/opal-2.2.6
* net-im/ekiga-2.0.11

amd64 stable

------- Comment #15 From Robert Buchholz 2007-10-11 09:37:47 0000 ------- 
(In reply to comment #14)
> * dev-libs/pwlib-1.10.10-r1
> * net-libs/opal-2.2.6
> * net-im/ekiga-2.0.11
> 
> amd64 stable

net-libs/opal-2.2.11 please. That was a typo up there.

------- Comment #16 From Markus Rothe 2007-10-11 09:44:19 0000 ------- 
ppc64 stable

------- Comment #17 From Raúl Porcel 2007-10-11 18:40:48 0000 ------- 
alpha/ia64/sparc stable

------- Comment #18 From Robert Buchholz 2007-10-11 20:23:11 0000 ------- 
amd64 done here.

------- Comment #19 From Tobias Scherbaum 2007-10-12 16:03:29 0000 ------- 
ppc stable, ready for glsa-voting

------- Comment #20 From Sune Kloppenborg Jeppesen 2007-10-17 18:36:14 0000 ------- 
I vote NO.

------- Comment #21 From Pierre-Yves Rofes 2007-10-17 22:16:46 0000 ------- 
voting no too, and closing.