| Summary: |
<dev-scheme/chicken-4.8.0.3-r1: Incomplete fix for CVE-2012-6122 (CVE-2013-2075) |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
minor
|
CC: |
ewfalor, maksbotan, proxy-maint
|
| Priority: |
Normal
|
|
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
http://www.openwall.com/lists/oss-security/2013/05/08/3
|
| Whiteboard: |
B3 [noglsa] |
|
Package list:
|
|
Runtime testing required:
|
---
|
|---|
| Bug Depends on: |
476172
|
|
|
| Bug Blocks: |
|
|
|
From ${URL} : I'd like to request a CVE for a select() fd_set buffer overrun problem in CHICKEN Scheme before 4.8.2 and all stable versions up to and including 4.8.0.3, on non-Windows systems. The bug exists due to an incomplete fix for CVE-2012-6122. Originally, only the userland thread scheduler's use of select() was rewritten to use POSIX poll(). It was later discovered by Florian Zumbiehl and Joerg Wittenberger that select() was still being used in three other places. This bug is remotelye xploitable in networking code, under the right conditions (if the "ulimit -n" value exceeds FD_SETSIZE). The announcement can be found at http://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html There are two commits which together fix the bug: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7 http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not