[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] rpm/librpm/rpm-python memory corruption pre-verification
From:       yersinia <yersinia.spiros () gmail ! com>
Date:       2011-09-28 11:07:58
Message-ID: CAH5b-BVOY7gD-tAzjXFnPEm2Lo2i1mRLeiHpW=L2jWQB17MC0w () mail ! gmail ! com
[Download RAW message or body]


On Tue, Sep 27, 2011 at 8:52 PM, Tavis Ormandy <taviso@cmpxchg8b.com> wrote:

>
> Hey, after the scary flaws Georgi spotted in apt-get, I had a quick look at
> rpm signature verification. Some trivial bitflipping found a few memory
> corruption issues.
>
> Originally I didn't think yum used rpm, but i was wrong, rpm-python is a
> native module wrapper that exports librpm to python. I'll step through the
> signature verification logic when I get a chance.
>
> Obviously we need the sections of rpm code touched before signature
> verification to be bulletproof, as most distributions rely on public mirror
> services that may or may not be trusted. Any volunteers who know crypto
> better than me appreciated, I'll be primarily looking for memory
> corruption.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=741606
> https://bugzilla.redhat.com/show_bug.cgi?id=741612
>
> These bugs don't affect IMHO rpm5 : i have updated the bugzilla with these
infos. Best Regards

> Tavis.
>
> --
> -------------------------------------
> taviso@cmpxchg8b.com | pgp encrypted mail preferred
> -------------------------------------------------------
>
>


[prev in list] [next in list] [prev in thread] [next in thread]