LMS-2014-06-16-1: Oberhumer LZO (CVE-2014-4607) #9
Comments
Would you terribly mind opening a pull request?
Hello71 added a commit to Hello71/libvncserver that referenced this issue Jun 27, 2014
Closed
dscho added a commit that referenced this issue Jun 27, 2014
It was reported that LZO has security issues in LMS-2014-06-16-1: Oberhumer LZO (CVE-2014-4607): http://seclists.org/oss-sec/2014/q2/665

This was also reported by Alex Xu as #9.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Fixed in 3238443.
jadahl added a commit to jadahl/libvncserver that referenced this issue Sep 16, 2020
The pointers to the buffers were freed, and the size fields were set to 0, but the buffer pointers themselves were not set to NULL when shutting down, meaning the next time used, NULL checks would not tell whether the pointer is valid. This caused crashes ending with

    #0 0x00007ffff73729e5 in raise () from /lib64/libc.so.6
    #1 0x00007ffff735b895 in abort () from /lib64/libc.so.6
    #2 0x00007ffff73b6857 in __libc_message () from /lib64/libc.so.6
    #3 0x00007ffff73bdd7c in malloc_printerr () from /lib64/libc.so.6
    #4 0x00007ffff73c2f1a in realloc () from /lib64/libc.so.6
    #5 0x00007ffff78b558e in rfbSendOneRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=40) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:106
    #6 0x00007ffff78b5dec in rfbSendRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=600) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:308
    #7 0x00007ffff7899453 in rfbSendFramebufferUpdate (cl=0x4a4b80, givenUpdateRegion=0x49ef70) at /home/jonas/Dev/gnome/libvncserver/libvncserver/rfbserver.c:3264
    #8 0x00007ffff789079d in rfbUpdateClient (cl=0x4a4b80) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1275
    #9 0x00007ffff78905f5 in rfbProcessEvents (screen=0x4d5790, usec=0) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1251
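The failure mode described in the commit message above, as an added C example that is not libvncserver code: `struct scratch` and the `scratch_*` functions are hypothetical stand-ins for the encoder buffers. It puts the release that leaves a dangling pointer beside the one that resets pointer and size together, then runs an allocate, shut down, reuse cycle on the corrected form.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a per-client encoder scratch buffer. */
struct scratch { char *buf; size_t size; };   /* buf == NULL: unallocated */

/* Grow on demand. The NULL check only means something if release resets buf. */
int scratch_reserve(struct scratch *s, size_t need)
{
    if (s->size >= need)
        return 0;
    char *p = (s->buf == NULL) ? malloc(need) : realloc(s->buf, need);
    if (p == NULL)
        return -1;
    s->buf = p;
    s->size = need;
    return 0;
}

/* Pattern from the commit message: size reset, pointer left dangling. The next
 * scratch_reserve() sees buf != NULL and hands freed memory to realloc().
 * Shown for contrast only; nothing below calls it. */
void scratch_release_buggy(struct scratch *s)
{
    free(s->buf);
    s->size = 0;
}

/* Corrected release: pointer and size are reset together. */
void scratch_release(struct scratch *s)
{
    free(s->buf);
    s->buf = NULL;
    s->size = 0;
}

/* Allocate, shut down, reuse with another size. Returns 0 on success. */
int reuse_cycle(size_t first, size_t second)
{
    struct scratch s = { NULL, 0 };
    if (scratch_reserve(&s, first) != 0) return -1;
    memset(s.buf, 0xAA, first);
    scratch_release(&s);
    if (s.buf != NULL || s.size != 0) return -2;   /* state must be clean */
    if (scratch_reserve(&s, second) != 0) return -3;
    scratch_release(&s);
    return 0;
}

int main(void) { printf("%d\n", reuse_cycle(800 * 40, 800 * 600)); return 0; }
```

Building with `-fsanitize=address` and swapping in `scratch_release_buggy` makes the stale pointer show up at the `realloc()` call instead of as a later allocator abort.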
bk138 pushed a commit that referenced this issue Sep 16, 2020
By embedding libvncserver, I believe that this package is vulnerable to CVE-2014-4607, which may raise the possibility of remote code execution.
http://seclists.org/oss-sec/2014/q2/665
I am not sufficiently aware of C to be entirely certain whether this bug affects this project, but seeing as the relevant code snippets have been included without modifications, I believe it is reasonable to assume that this project is affected.
LZO 2.07 has been released upstream and can be downloaded here: http://www.oberhumer.com/opensource/lzo/
I have tested copying in the relevant files and have not seen any compile errors.
It would be appreciated if this would be resolved in an expeditious manner due to the number of packages which use this library.