Open Source Software security discussions, including joint development and review of security patches ()

Eugene Teo | 1 Nov 2011 01:09

Picon

CVE request: kernel: oom: fix integer overflow of points in oom_badness

An integer overflow will happen on 64bit archs if task's sum of rss,
swapents and nr_ptes exceeds (2^31)/1000 value. This was introduced by
commit f755a04 oom: use pte pages in OOM score. This can cause a denial
of service.

https://lkml.org/lkml/2011/10/31/138

Eugene
--

-- 
Eugene Teo / Red Hat Security Response Team

Kurt Seifried | 1 Nov 2011 02:05

Picon

Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness

On 10/31/2011 06:09 PM, Eugene Teo wrote:
> An integer overflow will happen on 64bit archs if task's sum of rss,
> swapents and nr_ptes exceeds (2^31)/1000 value. This was introduced by
> commit f755a04 oom: use pte pages in OOM score. This can cause a denial
> of service.
>
> https://lkml.org/lkml/2011/10/31/138
>
> Eugene
Please use CVE-2011-4097 for this issue

--

-- 

-Kurt Seifried / Red Hat Security Response Team

Huzaifa Sidhpurwala | 1 Nov 2011 16:24

Picon

libcap/capsh: does not chdir after chroot

Hi All,

It was found that capsh program, usually shipped with the libcap
package, did not do a chdir("/") after calling chroot, when called with
a "--chroot" option. This resulted in the current directory being
outside the chroot.

This has been assigned CVE-2011-4099

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=722694

--

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

David Black | 1 Nov 2011 18:11

CVE request for Django-piston and Tastypie

"It was discovered that both Piston and Tastypie share a similar
vulnerability with respect to their de-serialization of YAML post
data. Both Piston and Tastypie used the yaml.load method, which is
unsafe. In certain circumstances this could be used to allow remote
execution of arbitrary code." [0]

Can a CVE be assigned to both Tastypie and Django-piston regarding
these issues ?

[0] https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/

Kurt Seifried | 1 Nov 2011 20:15

Picon

Re: CVE request for Django-piston and Tastypie

On 11/01/2011 11:11 AM, David Black wrote:
> y with respect to their de-serialization of YAML post
> data. Both Piston and Tastypie used the yaml.load method, which is
> unsafe. In certain
Can you please send me links for Piston and Tastypie announcements/code
commits showing the vuln please? Thanks.

--

-- 

-Kurt Seifried / Red Hat Security Response Team

Vincent Danen | 1 Nov 2011 22:51

Picon

CVE request for wireshark flaws

Can I get CVEs assigned to the following wireshark flaws?

1) An uninitialized variable in the CSN.1 dissector could cause a crash.

Affects: 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
https://bugzilla.redhat.com/show_bug.cgi?id=750643

2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
the Infiniband dissector could dereference a NULL pointer.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
https://bugzilla.redhat.com/show_bug.cgi?id=750645

3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-19.html

(Continue reading)

Vincent Danen | 1 Nov 2011 22:58

Picon

Re: CVE request for Django-piston and Tastypie

* [2011-11-01 13:15:53 -0600] Kurt Seifried wrote:

>On 11/01/2011 11:11 AM, David Black wrote:
>> y with respect to their de-serialization of YAML post
>> data. Both Piston and Tastypie used the yaml.load method, which is
>> unsafe. In certain
>Can you please send me links for Piston and Tastypie announcements/code
>commits showing the vuln please? Thanks.

Can't speak for Tastypie (we don't ship it so I didn't look), but for
Piston:

https://bitbucket.org/jespern/django-piston/changeset/91bdaec89543
https://bugzilla.redhat.com/show_bug.cgi?id=750658

There is no Piston announcement that I can see.

--

-- 
Vincent Danen / Red Hat Security Response Team

Kurt Seifried | 1 Nov 2011 23:03

Picon

Re: CVE request for wireshark flaws

For the record: this is a *perfect* CVE request =). It's descriptive, it
has versions, it has all the links to verify it with the original
sources, all that good stuff.

On 11/01/2011 03:51 PM, Vincent Danen wrote:
> Can I get CVEs assigned to the following wireshark flaws?
>
>
> 1) An uninitialized variable in the CSN.1 dissector could cause a crash.
>
> Affects: 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-17.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
> https://bugzilla.redhat.com/show_bug.cgi?id=750643
>
Please use CVE-2011-4100 for this.

>
> 2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
> the Infiniband dissector could dereference a NULL pointer.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-18.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500

(Continue reading)

Kurt Seifried | 1 Nov 2011 23:27

Picon

Re: CVE request for Django-piston and Tastypie

On 11/01/2011 03:58 PM, Vincent Danen wrote:
> * [2011-11-01 13:15:53 -0600] Kurt Seifried wrote:
>
>> On 11/01/2011 11:11 AM, David Black wrote:
>>> y with respect to their de-serialization of YAML post
>>> data. Both Piston and Tastypie used the yaml.load method, which is
>>> unsafe. In certain
>> Can you please send me links for Piston and Tastypie announcements/code
>> commits showing the vuln please? Thanks.
>
> Can't speak for Tastypie (we don't ship it so I didn't look), but for
> Piston:
>
> https://bitbucket.org/jespern/django-piston/changeset/91bdaec89543
> https://bugzilla.redhat.com/show_bug.cgi?id=750658
>
> There is no Piston announcement that I can see.
>
Please use CVE-2011-4103 for the Piston yaml.load issue.

--

-- 

-Kurt Seifried / Red Hat Security Response Team

David Black | 2 Nov 2011 02:35

Re: CVE request for Django-piston and Tastypie

The Tastypie announcement can be found at
http://groups.google.com/group/django-tastypie/browse_thread/thread/8b668d1831d35012

and the patch to fix this bug can be found at
https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2

Group

gmane.comp.security.oss.general.

Project Web Page

Open Source Software security discussions, including joint development and review of security patches ()

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 26

Articles in period: 252

November 2011

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

CVE-2013-2073 transifex-client: Does not validate HTTPS server certifi (22 May 2013)
Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability (22 May 2013)
CVE request: MediaWiki chunked uploads vulnerability (22 May 2013)
CVE request: dovecot : "APPEND" Parameters Processing Denial of Servic (21 May 2013)
Moodle security notifications public (21 May 2013)
CVE assignments for Wireshark 1.8.7 and 1.6.15 (21 May 2013)
tty-hijacking & CVE-2005-4890 - redux (20 May 2013)
CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes (20 May 2013)
More zPanel security flaws? Trying to sort them out (19 May 2013)
Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability (17 May 2013)
Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontr (17 May 2013)
CVE Request: WebAuth: Authentication credential disclosure (16 May 2013)
CVE request: WordPress plugin wp-cleanfix CSRF (16 May 2013)
CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due so (16 May 2013)
CVE request: WordPress plugin mail-on-update CSRF (16 May 2013)
[OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096 (16 May 2013)
CVE-2013-2097: zPanel themes remote command execution as root (16 May 2013)
CVE request for a Drupal contributed module (15 May 2013)
CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of (15 May 2013)
CVE Request: Man in the middle on Gentoo Portage binary package instal (15 May 2013)
Remote command Injection in Creme Fraiche 0.6 Ruby Gem (14 May 2013)

Archives

148	May 2013
244	April 2013
237	March 2013
322	February 2013
214	January 2013
157	December 2012
186	November 2012
185	October 2012
232	September 2012
207	August 2012
150	July 2012
127	June 2012
235	May 2012
209	April 2012
292	March 2012
188	February 2012
333	January 2012
144	December 2011
239	November 2011
204	October 2011
133	September 2011
162	August 2011
258	July 2011
224	June 2011
155	May 2011
354	April 2011
319	March 2011
168	February 2011
149	January 2011
136	December 2010
187	November 2010
84	October 2010
175	September 2010
137	August 2010
117	July 2010
141	June 2010
115	May 2010
118	April 2010
122	March 2010
94	February 2010
72	January 2010
74	December 2009
105	November 2009
122	October 2009
102	September 2009
98	August 2009
84	July 2009
59	June 2009
96	May 2009
114	April 2009
75	March 2009
81	February 2009
89	January 2009
108	December 2008
127	November 2008
123	October 2008
127	September 2008
126	August 2008
149	July 2008
112	June 2008
136	May 2008
143	April 2008
103	March 2008
103	February 2008

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template