Eugene Teo | 1 Nov 01:09 2011

CVE request: kernel: oom: fix integer overflow of points in oom_badness

An integer overflow will happen on 64bit archs if task's sum of rss,
swapents and nr_ptes exceeds (2^31)/1000 value. This was introduced by
commit f755a04 oom: use pte pages in OOM score. This can cause a denial
of service.

https://lkml.org/lkml/2011/10/31/138

Eugene
-- 
Eugene Teo / Red Hat Security Response Team
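
The bound quoted in the message above, worked through as an added example (not part of the original post and not kernel code). It assumes the score is the page sum scaled by 1000 and held in a 32-bit signed variable, which is what the (2^31)/1000 bound implies; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code: page counters of one task. */
struct task_pages {
    uint64_t rss, swapents, nr_ptes;
};

/* Store a value into a 32-bit signed int the way a narrow variable would. */
static int32_t to_i32(uint32_t v)
{
    return (int32_t)v;  /* wraps modulo 2^32 on gcc/clang */
}

/* Sum scaled by 1000 in a 32-bit signed accumulator (the overflowing form). */
int32_t scaled_points_narrow(const struct task_pages *t)
{
    uint32_t sum = (uint32_t)(t->rss + t->nr_ptes + t->swapents);
    return to_i32(sum * 1000u);  /* product reinterpreted as signed 32-bit */
}

/* Same computation in a 64-bit accumulator. */
int64_t scaled_points_wide(const struct task_pages *t)
{
    return (int64_t)(t->rss + t->nr_ptes + t->swapents) * 1000;
}

/* True when the sum exceeds the (2^31)/1000 bound quoted in the message. */
int exceeds_bound(const struct task_pages *t)
{
    return t->rss + t->nr_ptes + t->swapents > (uint64_t)INT32_MAX / 1000;
}

int main(void)
{
    /* Constructed samples: a sum of 2147483 pages is the last safe one. */
    struct task_pages samples[] = {
        { 500000, 1000, 2000 },
        { 2140000, 5000, 2483 },
        { 2140000, 5000, 2484 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("narrow=%d wide=%lld over=%d\n",
               (int)scaled_points_narrow(&samples[i]),
               (long long)scaled_points_wide(&samples[i]),
               exceeds_bound(&samples[i]));
    return 0;
}
```

With 4 KiB pages (an assumption), the first wrapping sum of 2147484 pages is a footprint of roughly 8.2 GiB, and the narrow score for it comes out negative.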

Kurt Seifried | 1 Nov 02:05 2011

Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness

On 10/31/2011 06:09 PM, Eugene Teo wrote:
> An integer overflow will happen on 64bit archs if task's sum of rss,
> swapents and nr_ptes exceeds (2^31)/1000 value. This was introduced by
> commit f755a04 oom: use pte pages in OOM score. This can cause a denial
> of service.
>
> https://lkml.org/lkml/2011/10/31/138
>
> Eugene
Please use CVE-2011-4097 for this issue

-- 

-Kurt Seifried / Red Hat Security Response Team

Huzaifa Sidhpurwala | 1 Nov 16:24 2011

libcap/capsh: does not chdir after chroot

Hi All,

It was found that capsh program, usually shipped with the libcap
package, did not do a chdir("/") after calling chroot, when called with
a "--chroot" option. This resulted in the current directory being
outside the chroot.

This has been assigned CVE-2011-4099

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=722694

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team
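
The missing step described in the message above, as an added example (not capsh's code and not part of the original post): a chroot wrapper that moves the working directory inside the new root, plus a check that the working directory really is below "/". The function names are hypothetical; `enter_chroot` needs the privilege to call chroot.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int same_dir(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Returns 1 if the cwd is outside the process root, 0 if inside, -1 on error. */
int cwd_outside_root(void)
{
    char path[4096] = ".";
    struct stat root, cur, parent;

    if (stat("/", &root) != 0 || stat(path, &cur) != 0)
        return -1;
    for (;;) {
        if (same_dir(&cur, &root))
            return 0;               /* walking up from cwd reached "/" */
        if (strlen(path) + 4 > sizeof(path))
            return -1;
        strcat(path, "/..");
        if (stat(path, &parent) != 0)
            return -1;
        if (same_dir(&parent, &cur))
            return 1;               /* hit the top without ever meeting "/" */
        cur = parent;
    }
}

/* chroot, then chdir("/") so the cwd is inside the new root, then verify. */
int enter_chroot(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    return cwd_outside_root() == 0 ? 0 : -1;
}
```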

David Black | 1 Nov 18:11 2011

CVE request for Django-piston and Tastypie

"It was discovered that both Piston and Tastypie share a similar
vulnerability with respect to their de-serialization of YAML post
data. Both Piston and Tastypie used the yaml.load method, which is
unsafe. In certain circumstances this could be used to allow remote
execution of arbitrary code." [0]

Can a CVE be assigned to both Tastypie and Django-piston regarding
these issues?

[0] https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/

Kurt Seifried | 1 Nov 20:15 2011

Re: CVE request for Django-piston and Tastypie

On 11/01/2011 11:11 AM, David Black wrote:
> y with respect to their de-serialization of YAML post
> data. Both Piston and Tastypie used the yaml.load method, which is
> unsafe. In certain
Can you please send me links for Piston and Tastypie announcements/code
commits showing the vuln please? Thanks.

-- 

-Kurt Seifried / Red Hat Security Response Team

Vincent Danen | 1 Nov 22:51 2011

CVE request for wireshark flaws

Can I get CVEs assigned to the following wireshark flaws?

1) An uninitialized variable in the CSN.1 dissector could cause a crash.

Affects: 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
https://bugzilla.redhat.com/show_bug.cgi?id=750643

2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
the Infiniband dissector could dereference a NULL pointer.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-18.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500
https://bugzilla.redhat.com/show_bug.cgi?id=750645

3) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader.

Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3

References:
http://www.wireshark.org/security/wnpa-sec-2011-19.html

Vincent Danen | 1 Nov 22:58 2011

Re: CVE request for Django-piston and Tastypie

* [2011-11-01 13:15:53 -0600] Kurt Seifried wrote:

>On 11/01/2011 11:11 AM, David Black wrote:
>> y with respect to their de-serialization of YAML post
>> data. Both Piston and Tastypie used the yaml.load method, which is
>> unsafe. In certain
>Can you please send me links for Piston and Tastypie announcements/code
>commits showing the vuln please? Thanks.

Can't speak for Tastypie (we don't ship it so I didn't look), but for
Piston:

https://bitbucket.org/jespern/django-piston/changeset/91bdaec89543
https://bugzilla.redhat.com/show_bug.cgi?id=750658

There is no Piston announcement that I can see.

-- 
Vincent Danen / Red Hat Security Response Team 

Kurt Seifried | 1 Nov 23:03 2011

Re: CVE request for wireshark flaws

For the record: this is a *perfect* CVE request =). It's descriptive, it
has versions, it has all the links to verify it with the original
sources, all that good stuff.

On 11/01/2011 03:51 PM, Vincent Danen wrote:
> Can I get CVEs assigned to the following wireshark flaws?
>
>
> 1) An uninitialized variable in the CSN.1 dissector could cause a crash.
>
> Affects: 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-17.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
> https://bugzilla.redhat.com/show_bug.cgi?id=750643
>
Please use CVE-2011-4100 for this.

>
> 2) Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that
> the Infiniband dissector could dereference a NULL pointer.
>
> Affects: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2, fixed in 1.6.3
>
> References:
> http://www.wireshark.org/security/wnpa-sec-2011-18.html
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500

Kurt Seifried | 1 Nov 23:27 2011

Re: CVE request for Django-piston and Tastypie

On 11/01/2011 03:58 PM, Vincent Danen wrote:
> * [2011-11-01 13:15:53 -0600] Kurt Seifried wrote:
>
>> On 11/01/2011 11:11 AM, David Black wrote:
>>> y with respect to their de-serialization of YAML post
>>> data. Both Piston and Tastypie used the yaml.load method, which is
>>> unsafe. In certain
>> Can you please send me links for Piston and Tastypie announcements/code
>> commits showing the vuln please? Thanks.
>
> Can't speak for Tastypie (we don't ship it so I didn't look), but for
> Piston:
>
> https://bitbucket.org/jespern/django-piston/changeset/91bdaec89543
> https://bugzilla.redhat.com/show_bug.cgi?id=750658
>
> There is no Piston announcement that I can see.
>
Please use CVE-2011-4103 for the Piston yaml.load issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

David Black | 2 Nov 02:35 2011

Re: CVE request for Django-piston and Tastypie

The Tastypie announcement can be found at
http://groups.google.com/group/django-tastypie/browse_thread/thread/8b668d1831d35012

and the patch to fix this bug can be found at
https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2

