[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] rpm/librpm/rpm-python memory corruption
From:       nicolas vigier <boklm () mars-attacks ! org>
Date:       2011-09-29 13:25:40
Message-ID: 20110929132540.GJ21938 () mars-attacks ! org
[Download RAW message or body]

On Tue, 27 Sep 2011, Tavis Ormandy wrote:

> 
> Hey, after the scary flaws Georgi spotted in apt-get, I had a quick look at
> rpm signature verification. Some trivial bitflipping found a few memory
> corruption issues.
> 
> Originally I didn't think yum used rpm, but i was wrong, rpm-python is a
> native module wrapper that exports librpm to python. I'll step through the
> signature verification logic when I get a chance.
> 
> Obviously we need the sections of rpm code touched before signature
> verification to be bulletproof, as most distributions rely on public mirror
> services that may or may not be trusted. Any volunteers who know crypto
> better than me appreciated, I'll be primarily looking for memory corruption.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=741606
> https://bugzilla.redhat.com/show_bug.cgi?id=741612

Patches on rpm git :
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656

[prev in list] [next in list] [prev in thread] [next in thread]