On 13.03.2016 18:29, Carl-Daniel Hailfinger wrote:
> An internal security audit of the flashrom project by
> Carl-Daniel Hailfinger found a buffer overflow bug present in all
> flashrom versions since the year 2005.
> This bug was independently found and reported to flashrom.org by
> Cosmin Gorgovan a few days ago.
>
> A buffer on the stack and a buffer on the heap are affected by the
> overflow caused by an incorrect fscanf format string.
> The buffer overflow can only be triggered if the optional layout feature
> is used and if the user manually specifies a specially crafted layout
> file on the command line. Command line parsing and flash image handling
> do not trigger the buggy code path.
> Most usage of flashrom does not involve layout files.
>
> The fix in this commit (changed fscanf format string) can be applied to
> layout.c of all past flashrom versions.
>
> Signed-off-by: Carl-Daniel Hailfinger <[email protected]>
> Acked-by: Stefan Tauner <[email protected]>

Committed in r1953.

Regards,
Carl-Daniel
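
The bug class named in the message above, shown as an added example that is not flashrom's code and not part of the original mail: a layout parser whose fscanf conversions carry a field width and which rejects tokens that do not fit. The `start:end name` line format, the 256-byte buffers and every function name here are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed buffer size for this example */
struct region { unsigned long start, end; char name[FIELD_MAX]; };

/* True if tok filled its buffer and the input token continues past it. */
static int truncated(FILE *f, const char *tok) {
    if (strlen(tok) < FIELD_MAX - 1) return 0;
    int c = fgetc(f);
    if (c == EOF) return 0;
    ungetc(c, f);
    return !isspace(c);
}

/* Parse "start:end name" entries (hex). Returns count, or -1 on bad input.
 * An unbounded "%s" would let a long token write past range[] (stack) or
 * name[] (caller's storage); width 255 = FIELD_MAX - 1 leaves room for NUL. */
int parse_layout(FILE *f, struct region *out, int max) {
    char range[FIELD_MAX];
    int n = 0, used;
    for (;;) {
        int r = fscanf(f, "%255s", range);
        if (r == EOF) return n;                 /* clean end of file */
        if (r != 1 || truncated(f, range) || n == max) return -1;
        r = fscanf(f, "%255s", out[n].name);
        if (r != 1 || truncated(f, out[n].name)) return -1;
        if (sscanf(range, "%lx:%lx%n", &out[n].start, &out[n].end, &used) != 2
            || range[used] != '\0' || out[n].start > out[n].end) return -1;
        n++;
    }
}

/* Helper for the constructed samples: parse a layout held in a string. */
int parse_layout_text(const char *text, struct region *out, int max) {
    FILE *f = tmpfile();
    if (!f) return -2;
    fputs(text, f);
    rewind(f);
    int n = parse_layout(f, out, max);
    fclose(f);
    return n;
}

int main(void) {
    struct region r[4];
    int n = parse_layout_text("00000000:0000ffff boot\n00010000:000fffff main\n", r, 4);
    for (int i = 0; i < n; i++) printf("%08lx-%08lx %s\n", r[i].start, r[i].end, r[i].name);
    return n == 2 ? 0 : 1;
}
```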
