Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120403154534.45da1a26@redhat.com>
Date: Tue, 3 Apr 2012 15:45:34 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Fw: [vs] RPM issues

Hi!

The mail below was posted to linux-distros@ list a week ago.  These
issues are now public, with all patches in upstream git:

CVE-2012-0815
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=6fc6b45bf9fef0f17a2900c6c5198bda5e50d09e

CVE-2012-0060
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29

CVE-2012-0061
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6



Begin forwarded message:

Date: Tue, 27 Mar 2012 13:44:21 +0200
From: Tomas Hoger <thoger@...hat.com>
To: linux-distros@...openwall.org
Subject: [vs] RPM issues

Hi!

Recently, we have put some effort into fuzzing (Ramon de C Valle) and
fixing (Panu Matilainen) RPM which resulted in fixes for couple of
problems that exist on the code paths reachable before signature
verification (when using rpm or package manager as yum).  Following
CVEs were assigned, along with mapping to attached patches (for 4.8.x):

CVE-2012-0815 incorrect handling of negated offsets in
headerVerifyInfo()
region-trailer.patch

CVE-2012-0060 insufficient validation of region tags
headerload-region.patch
pkgread-region.patch

CVE-2012-0061 improper validation of header contents total size in
headerLoad()
region-size.patch
Note: this fix is already in upstream git:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6

We plan to make these public next Tue, Apr3.

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.