Summary: | <app-crypt/gnupg-2.0.16-r1: GPGSM use after free (CVE-2010-2547)
---|---
Product: | Gentoo Security
Reporter: | cilly <cilly>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
CC: | crypto+disabled, eras, H4xX0Rz1sT
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html
Whiteboard: | B2 [glsa]
Package list: |
Runtime testing required: | ---

Description
cilly
2010-07-23 14:12:01 UTC

gnupg-1.x is not affected

*** Bug 329587 has been marked as a duplicate of this bug. ***

adding maintainers to cc

Created attachment 240285
Patch for Realloc Bug with X.509 certificates in GnuPG <2.0.17

http://secunia.com/advisories/38877/

Exploit is public.

CVE-2010-2547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2547): Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

There is NO 2.0.17 on the master upstream site or any of the mirrors, nor any announcement emails of it on the upstream lists. I have spun a 2.0.16-r1 with the patch instead.

Stabilize app-crypt/gnupg-2.0.16-r1. alpha, ia64, s390, sh and sparc need to first perform stabilizations in bug #320037.

x86 stable

Stable for HPPA.

Stable for PPC.

amd64 done

arm stable

ppc64 done

Stable on alpha.

ia64/s390/sh/sparc stable

glsa request filed.

Typed into the wrong window. Really. Sorry! I need sleep.

This issue was resolved and addressed in GLSA 201110-15 at http://security.gentoo.org/glsa/glsa-201110-15.xml by GLSA coordinator Tim Sammut (underling).
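
As an added illustration of the bug class named in the CVE-2010-2547 description above (not code from GnuPG, its patch, or this bug report): an array of name pointers grown with realloc must adopt the pointer realloc returns before it is used again. The struct, the function names and the "san<i>.example" names are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical container for certificate names; not GnuPG's structure. */
struct name_list { char **names; size_t count, max; };

/* Append a copy of name; 0 on success, -1 on failure (list unchanged). */
int name_list_add(struct name_list *l, const char *name)
{
    char *copy = malloc(strlen(name) + 1);
    if (!copy)
        return -1;
    strcpy(copy, name);
    if (l->count == l->max) {
        size_t new_max = l->max ? l->max * 2 : 4;
        char **tmp = NULL;
        if (new_max > l->max && new_max <= (size_t)-1 / sizeof *tmp)
            tmp = realloc(l->names, new_max * sizeof *tmp);
        if (!tmp) {          /* overflow or out of memory */
            free(copy);      /* l->names still owns the old block */
            return -1;
        }
        /* Adopt the new block; the old l->names value may now be freed. */
        l->names = tmp;
        l->max = new_max;
    }
    l->names[l->count++] = copy;
    return 0;
}

void name_list_free(struct name_list *l)
{
    for (size_t i = 0; i < l->count; i++)
        free(l->names[i]);
    free(l->names);
    *l = (struct name_list){0};
}

/* Add n constructed names "san<i>.example"; returns how many are stored. */
size_t name_list_fill(struct name_list *l, size_t n)
{
    char buf[40];
    for (size_t i = 0; i < n; i++) {
        snprintf(buf, sizeof buf, "san%zu.example", i);
        if (name_list_add(l, buf) != 0)
            break;
    }
    return l->count;
}
```

Building a harness like this with AddressSanitizer (`-fsanitize=address`) and feeding it enough entries to force several reallocations is a quick way to confirm that no stale pointer survives a growth step.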