| Field | Value |
|---|---|
| Summary | <dev-libs/newt-0.52.10-r1 doReflow() Heap-based buffer overflow (CVE-2009-2905) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Robert Buchholz (RETIRED) <rbu> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | High |
| CC | mescalinum, xmerlin |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | B2 [glsa] |
| Package list | |
| Runtime testing required | --- |

Description
Robert Buchholz (RETIRED)
2009-09-21 18:31:18 UTC
Created attachment 204853: newt-CVE-2009-2905.patch (Upstream patch)

Due to the limited exploitability of the issue and the short timeframe, I suggest not participating in coordinated disclosure. Let's fix this in the tree on Sept. 24 and wait until then.

This is now public (cf. https://bugzilla.redhat.com/show_bug.cgi?id=523955)

CVE-2009-2905 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2905): Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.

Arches, please test and mark stable: =dev-libs/newt-0.52.10-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

*** Bug 281402 has been marked as a duplicate of this bug. ***

amd64/arm/x86 stable

Stable on alpha.

Stable for HPPA.

ia64/sparc stable

ppc64 done

ppc stable

Bug ready to be fixed by security team. Request filed.

Please remove vulnerable ebuilds. I still see newt-0.52.2.ebuild and newt-0.52.10.ebuild.

GLSA draft filed.

GLSA 201006-14