List: oss-security
Subject: Re: [oss-security] rpm/librpm/rpm-python memory corruption
From: nicolas vigier <boklm () mars-attacks ! org>
Date: 2011-09-29 13:25:40
Message-ID: 20110929132540.GJ21938 () mars-attacks ! org
On Tue, 27 Sep 2011, Tavis Ormandy wrote:
>
> Hey, after the scary flaws Georgi spotted in apt-get, I had a quick look at
> rpm signature verification. Some trivial bitflipping found a few memory
> corruption issues.
>
> Originally I didn't think yum used rpm, but I was wrong, rpm-python is a
> native module wrapper that exports librpm to python. I'll step through the
> signature verification logic when I get a chance.
>
> Obviously we need the sections of rpm code touched before signature
> verification to be bulletproof, as most distributions rely on public mirror
> services that may or may not be trusted. Any volunteers who know crypto
> better than me appreciated, I'll be primarily looking for memory corruption.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=741606
> https://bugzilla.redhat.com/show_bug.cgi?id=741612
Patches on rpm git:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656