Summary: | <net-vpn/openconnect-8.05: buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes (CVE-2019-16239) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | floppym, williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | net-vpn/openconnect-8.05; app-crypt/trousers-0.3.14-r1 ppc64 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-09-24 11:50:30 UTC
From $URL:

Lukas Kupczyk of the Advanced Research Team at CrowdStrike Intelligence found a buffer overflow in HTTP chunked encoding handling, when the chunk length was mishandled. This is CVE-2019-16239, and has existed since 2008 when I first lamented the fact that I had to do my own HTTP code because none of the existing libraries let me have enough control over the underlying TLS connection.

Upstream fix: https://github.com/openconnect/openconnect/commit/875f0a65ab73f4fb581ca870fd3a901bd278f8e8

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03a4ff7f436c614eb562a8c437614f1911f97a77

commit 03a4ff7f436c614eb562a8c437614f1911f97a77
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-09-24 19:26:05 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-09-24 19:26:26 +0000

net-vpn/openconnect: bump to 8.05

Bug: https://bugs.gentoo.org/695528
Package-Manager: Portage-2.3.75_p7, Repoman-2.3.17_p49
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

net-vpn/openconnect/Manifest | 1 +
net-vpn/openconnect/openconnect-8.05.ebuild | 160 ++++++++++++++++++++++++++++
2 files changed, 161 insertions(+)

An automated check of this bug failed - repoman reported dependency errors (11 lines truncated):
> dependency.bad net-vpn/openconnect/openconnect-8.05.ebuild: DEPEND: ppc64(default/linux/powerpc/ppc64/17.0/64bit-userland) ['app-crypt/trousers']
> dependency.bad net-vpn/openconnect/openconnect-8.05.ebuild: RDEPEND: ppc64(default/linux/powerpc/ppc64/17.0/64bit-userland) ['app-crypt/trousers']
> dependency.bad net-vpn/openconnect/openconnect-8.05.ebuild: DEPEND: ppc64(default/linux/powerpc/ppc64/17.0/64bit-userland/desktop) ['app-crypt/trousers']
amd64 stable

x86 stable

ppc64 stable

arm64 stable

arm stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ae1571cbe26190be76b917bf5f450c68c3481d8

commit 7ae1571cbe26190be76b917bf5f450c68c3481d8
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-12-09 19:54:14 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-12-09 19:54:14 +0000

net-vpn/openconnect: remove old

Bug: https://bugs.gentoo.org/695528
Package-Manager: Portage-2.3.80_p5, Repoman-2.3.19_p4
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

net-vpn/openconnect/Manifest | 6 -
net-vpn/openconnect/metadata.xml | 1 -
net-vpn/openconnect/openconnect-7.08-r1.ebuild | 162 -------------------------
net-vpn/openconnect/openconnect-8.02.ebuild | 160 ------------------------
net-vpn/openconnect/openconnect-8.03.ebuild | 160 ------------------------
5 files changed, 489 deletions(-)

Tree is clean.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

GLSA Vote: No

Thank you all for your work. Closing as [noglsa].