From https://bugzilla.redhat.com/show_bug.cgi?id=867790 :

Description of problem: A buffer overflow in mcrypt version 2.6.8 and earlier due to long filenames. If a user were tricked into attempting to encrypt/decrypt specially crafted long filename(s), this flaw would cause a stack-based buffer overflow that could potentially lead to arbitrary code execution. Note that this is caught by FORTIFY_SOURCE, which renders this to being a crash-only bug on Fedora. There are currently no upstream patches for this flaw.

Version-Release number of selected component (if applicable): mcrypt-2.6.8-9.el6 (possibly others too).

How reproducible: Run mcrypt with ~128 byte long file names.
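The hardening a maintainer would apply to the pattern described above (an output filename derived from the input name and copied into a fixed-size stack buffer), as an added example that is not code from mcrypt or from this bug report. The buffer size and the sample names are constructed; the ".nc" suffix is mcrypt's default for encrypted output.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed fixed-size stack buffer, not mcrypt's actual size. */
#define OUTNAME_MAX 128
#define ENC_SUFFIX ".nc"   /* suffix mcrypt appends to encrypted output */

/* Build "<in><suffix>" into the caller's out[outsz].
 * Returns 0 on success, -1 (errno = ENAMETOOLONG) if it would not fit.
 * The unsafe form is  strcpy(out, in); strcat(out, suffix);  into a
 * fixed char out[OUTNAME_MAX]: a name of about OUTNAME_MAX bytes overruns
 * the stack buffer. With FORTIFY_SOURCE the compiler routes such calls to
 * __strcpy_chk/__strcat_chk, which abort instead, hence "crash-only". */
int build_outfile(const char *in, const char *suffix, char *out, size_t outsz)
{
    size_t inlen = strlen(in), suflen = strlen(suffix);

    /* Check before copying anything; +1 for the terminating NUL. */
    if (inlen > SIZE_MAX - suflen - 1 || inlen + suflen + 1 > outsz) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, in, inlen);
    memcpy(out + inlen, suffix, suflen + 1);   /* copies the NUL as well */
    return 0;
}

/* Uses the fixed stack buffer; returns 1 if the name fit, 0 if rejected. */
int try_name(const char *in)
{
    char outfile[OUTNAME_MAX];
    if (build_outfile(in, ENC_SUFFIX, outfile, sizeof outfile) != 0)
        return 0;
    return strlen(outfile) == strlen(in) + strlen(ENC_SUFFIX);
}

int main(void)
{
    char longname[200];                        /* constructed 199-byte name */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("short name accepted: %d\n", try_name("secret.txt"));
    printf("199-byte name accepted: %d\n", try_name(longname));
    return 0;
}
```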
CVE-2012-4527 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4527): Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability.

CVE-2012-4426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4426): Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c.
Fixed in mcrypt-2.6.8-r2 (both CVEs)
(In reply to comment #2) > Fixed in mcrypt-2.6.8-r2 (both CVEs) What about bug 434112? Do you want to include another fix before stabilizing?
Arches, please test and mark stable: =app-crypt/mcrypt-2.6.8-r2 Target keywords: "amd64 ppc sparc x86"
x86 stable
amd64 stable
sparc stable
ppc stable
Thanks, everyone. New GLSA request filed.
This issue was resolved and addressed in GLSA 201405-19 at http://security.gentoo.org/glsa/glsa-201405-19.xml by GLSA coordinator Sean Amoss (ackle).