pspp-dev

Re: pspp - cve-2017-10791 - cve-2017-10792


From: Ben Pfaff
Subject: Re: pspp - cve-2017-10791 - cve-2017-10792
Date: Tue, 4 Jul 2017 13:14:13 -0400
User-agent: Mutt/1.5.23 (2014-03-12)

I applied fixes for both of these bugs to the PSPP repository, as the
following commits.  The fixes will be in the next PSPP release.

commit 41c6f5447941e5d36d0554ba874671649353752f
Author: Ben Pfaff <address@hidden>
Date:   Tue Jul 4 12:58:55 2017 -0400

    sys-file-reader: Fix integer overflows in parse_long_string_missing_values().
    
    Crafted system files caused integer overflow errors that in turn caused
    aborts.  This fixes the problem.
    
    CVE-2017-10791.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1467004.
    See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
    See also https://security-tracker.debian.org/tracker/CVE-2017-10791.
    Found by team OWL337, using the collAFL fuzzer.

commit bf03b53a3c0f0d1066062f37919015a8fa6ad436
Author: Ben Pfaff <address@hidden>
Date:   Tue Jul 4 12:54:47 2017 -0400

    sys-file-reader: Avoid null dereference skipping bad extension record 18.
    
    read_record() assumed that read_extension_record() never set its output
    argument to NULL when it returned true, but this is possible in an error
    case.
    
    CVE-2017-10792.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
    See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
    See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
    Reported by team OWL337, with fuzzer collAFL.
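
The contract described in the second commit message, sketched in C as an added example (not PSPP's code and not part of the original message): a reader that can return true while leaving its output NULL, and a caller with and without the NULL check. The record layout, the names `read_ext` and `dispatch`, and the rule that makes record 18 malformed are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record layout for this sketch: [subtype][size][count][payload]. */
struct ext_record { int subtype; size_t size, count; const uint8_t *data; };

/* Returns false on a fatal error.  Returns true with *out == NULL when a
   malformed record is skipped, so "true" alone does not promise a record. */
static bool read_ext(const uint8_t *buf, size_t len, struct ext_record **out)
{
    *out = NULL;
    if (len < 3) return false;                        /* truncated header */
    size_t size = buf[1], count = buf[2];
    if (size != 0 && count > (len - 3) / size) return false; /* payload too long */
    if (buf[0] == 18 && size != 1) return true;       /* assumed rule: skip it */
    struct ext_record *rec = malloc(sizeof *rec);
    if (rec == NULL) return false;
    *rec = (struct ext_record){ buf[0], size, count, buf + 3 };
    *out = rec;
    return true;
}

/* Caller.  With hardened == false it makes the flawed assumption that a true
   return always yields a record; with hardened == true it checks first. */
static int dispatch(const uint8_t *buf, size_t len, bool hardened)
{
    struct ext_record *rec;
    if (!read_ext(buf, len, &rec)) return -1;         /* fatal error */
    if (hardened && rec == NULL) return 0;            /* record was skipped */
    int subtype = rec->subtype;   /* NULL dereference if the check is absent */
    free(rec);
    return subtype;
}

/* Constructed inputs, not taken from any real system file. */
static const uint8_t good_rec[] = { 18, 1, 2, 'a', 'b' };
static const uint8_t bad_rec[]  = { 18, 4, 1, 0, 0, 0, 0 };
static const uint8_t cut_rec[]  = { 18, 1 };

int main(void)
{
    printf("%d %d %d\n", dispatch(good_rec, sizeof good_rec, true),
           dispatch(bad_rec, sizeof bad_rec, true),
           dispatch(cut_rec, sizeof cut_rec, true));
    return 0;
}
```

The hardened path distinguishes three outcomes (record, skipped record, fatal error), which is the distinction the unchecked caller collapses.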


