Bug 469392 (CVE-2013-2075) - <dev-scheme/chicken-4.8.0.3-r1: Incomplete fix for CVE-2012-6122 (CVE-2013-2075)
Summary: <dev-scheme/chicken-4.8.0.3-r1: Incomplete fix for CVE-2012-6122 (CVE-2013-2075)
Status: RESOLVED FIXED
Alias: CVE-2013-2075
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 476172
Blocks:
Reported: 2013-05-11 09:53 UTC by Agostino Sarubbo
Modified: 2013-08-30 10:03 UTC (History)

See Also:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-05-11 09:53:56 UTC
From ${URL} :

I'd like to request a CVE for a select() fd_set buffer overrun problem
in CHICKEN Scheme before 4.8.2 and all stable versions up to and
including 4.8.0.3, on non-Windows systems.

The bug exists due to an incomplete fix for CVE-2012-6122.  Originally,
only the userland thread scheduler's use of select() was rewritten to
use POSIX poll().  It was later discovered by Florian Zumbiehl and Joerg
Wittenberger that select() was still being used in three other places.

This bug is remotely exploitable in networking code, under the right
conditions (if the "ulimit -n" value exceeds FD_SETSIZE).

The announcement can be found at
http://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html

There are two commits which together fix the bug:
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091



@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not
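The bug class described above, as an added example that is not CHICKEN's code or part of the original report: an `fd_set` holds only `FD_SETSIZE` bits, so a `select()` caller has to reject larger descriptors before `FD_SET()`, whereas `poll()` (the approach the original fix took for the scheduler) has no such limit. The function names are hypothetical and the pipe is constructed sample input.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* An fd_set is a fixed bitmap of FD_SETSIZE bits; FD_SET() on a descriptor
 * outside [0, FD_SETSIZE) writes past it, which is the overrun in this bug. */
static int fd_fits_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* select()-based wait that refuses descriptors the bitmap cannot hold.
 * Returns 1 if readable, 0 on timeout, -1 on error (EBADF when refused). */
static int wait_readable_select(int fd, int timeout_ms) {
    fd_set rfds;
    struct timeval tv = { .tv_sec = timeout_ms / 1000,
                          .tv_usec = (timeout_ms % 1000) * 1000 };
    if (!fd_fits_fd_set(fd)) { errno = EBADF; return -1; }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    int n = select(fd + 1, &rfds, NULL, NULL, &tv);
    return n > 0 ? (FD_ISSET(fd, &rfds) ? 1 : 0) : n;
}

/* poll()-based wait: the descriptor is passed by value in a struct,
 * so it works for any value "ulimit -n" allows. */
static int wait_readable_poll(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n = poll(&p, 1, timeout_ms);
    if (n <= 0) return n;
    if (p.revents & POLLNVAL) { errno = EBADF; return -1; }
    return (p.revents & (POLLIN | POLLHUP)) ? 1 : 0;
}

int main(void) {
    int pfd[2];                       /* constructed sample input: a pipe */
    if (pipe(pfd) != 0) return 1;
    if (write(pfd[1], "x", 1) != 1) return 1;
    printf("select on fd %d: %d\n", pfd[0], wait_readable_select(pfd[0], 100));
    printf("poll   on fd %d: %d\n", pfd[0], wait_readable_poll(pfd[0], 100));
    /* A descriptor number equal to FD_SETSIZE is refused before FD_SET(). */
    printf("select on fd %d: %d\n", FD_SETSIZE,
           wait_readable_select(FD_SETSIZE, 0));
    return 0;
}
```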
Comment 1 Michael Weber (RETIRED) gentoo-dev 2013-07-08 13:41:27 UTC
+*chicken-4.8.0.3-r1 (08 Jul 2013)
+
+  08 Jul 2013; Michael Weber <xmw@gentoo.org> +chicken-4.8.0.3-r1.ebuild,
+  +files/chicken-4.8.0.3-CVE-2013-1874.patch,
+  +files/chicken-4.8.0.3-CVE-2013-2024.patch,
+  +files/chicken-4.8.0.3-CVE-2013-2075_1.patch,
+  +files/chicken-4.8.0.3-CVE-2013-2075_2.patch:
+  Revbump to include security patches (bugs 462458, 469392, 467966)
+
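Review bot: The summary line "Revbump to include security patches (bugs 462458, 469392, 467966)" gives bug numbers only, while the added files are named by CVE (CVE-2013-1874, CVE-2013-2024, CVE-2013-2075), so the entry does not say which bug each patch closes; listing the CVE next to each bug number would make it self-explanatory. The entry also records only additions: no removal of the earlier chicken-4.8.0.3 ebuild is listed, so if it is meant to stay until stabilization, the entry should say so.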
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-29 17:15:35 UTC
GLSA vote: no.
Comment 3 Sergey Popov gentoo-dev 2013-08-30 09:44:09 UTC
GLSA vote: no

Closing as noglsa