Summary: | <dev-scheme/chicken-4.10.0: out-of-bounds read in CHICKEN Scheme's string-translate* procedure (CVE-2015-4556) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | ewfalor, maksbotan, proxy-maint, scheme |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1231871 | | |
Whiteboard: | B2 [glsa cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 467966 | | |
Bug Blocks: | | | |
Description
Agostino Sarubbo
cannot yet find any patch.

I presume you mean revbump. The last release of chicken-4.9.0 was dated 2014-11-18. That's 7 months ago now. According to the Description of 2015-06-15 10:13:44 EDT in https://bugzilla.redhat.com/show_bug.cgi?id=1231871 some patches were made available. Also CVE request: http://seclists.org/oss-sec/2015/q2/709

Awaiting proxy maintainer to acquire and runtest these.

I'm preparing an ebuild for the latest CHICKEN release, 4.10.0, which addresses this and all open dev-scheme/chicken issues.

I have submitted an updated ebuild for the latest version of CHICKEN to bug #467966.

Please use this bug to continue with the vulnerability as the other bug is in GLSA status. Setting status to stable?

Waiting for review of proxy maintainers.

Maintainer(s), please advise when you are ready for stabilization or call for stabilization yourself.

Please proceed with stabilization.

Waiting on proxy maintainers to look over the ebuild and add it to tree, before calling for stabilization.

Ping on Proxy Maintainers, it has been a month.

The bump declared in bug 467966. Passes basic runtest but the bump has been added for the benefit of these sec issues. Maintainer has yet to do the style and syntax improvements outlined in that bug. Sec team, proceed to call for stabilising as you see fit.

Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.

This issue was resolved and addressed in GLSA 201612-54 at https://security.gentoo.org/glsa/201612-54 by GLSA coordinator Thomas Deutschmann (whissi).