Bug#681888: Patch for CVE-2012-3406

2012-09-22 Thread Aurelien Jarno
tag 681888 - patch
thanks

On Fri, Sep 21, 2012 at 06:27:38PM +0200, Arne Wichmann wrote:
> tag 681888 + patch
> thanks
>
> There is a fix for CVE-2012-3406 in
> https://bugzilla.redhat.com/attachment.cgi?id=594722

As already explained earlier before this bug was cloned, I don't think
we should use this patch:

| I'll add the patches for CVE-2012-3404 and CVE-2012-3405 as they come
| from upstream and look correct. For CVE-2012-3406 RedHat, as usual, 
| hasn't submitted the patch upstream and thus it hasn't been reviewed. I
| have looked at it quickly and I have to say I don't really like it. 
| Replacing a call to alloca() by a call to malloc() without checking the
| return value is only a small improvement when the attacker can control
| the allocation size. Also it means the attacker can DoS the system or 
| crash the program. To finish, malloc() + memmove() + free() is not the
| best way to reallocate big chunks of memory when realloc() exists.
|
| I am therefore not planning to apply this patch in the current state,
| and thus I am cloning this bug to keep this CVE entry separated from the
| others.

-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net
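
Added example, not part of the thread and not glibc or Red Hat code: one way to address the objections raised in the message above, with a work buffer that stays on the stack for small sizes, checks every allocation, and grows with realloc() once it is on the heap. The `workbuf` type and its functions are hypothetical names, and the sizes in `main` are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not glibc code: a work buffer that starts in a
   caller-supplied stack array and moves to the heap only when it grows. */
struct workbuf {
    char  *data;     /* current storage */
    size_t cap;      /* capacity in bytes */
    int    on_heap;  /* 0 while data still points at the stack array */
};

/* Make room for nmemb * size bytes. Returns 0 on success, -1 on size
   overflow or allocation failure; on failure the old buffer stays valid. */
int workbuf_reserve(struct workbuf *b, size_t nmemb, size_t size) {
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;                        /* nmemb * size would wrap */
    size_t need = nmemb * size;
    if (need <= b->cap)
        return 0;                         /* small requests: no allocation */
    char *p;
    if (b->on_heap) {
        p = realloc(b->data, need);       /* may extend the chunk in place */
        if (p == NULL)
            return -1;                    /* b->data is untouched */
    } else {
        p = malloc(need);                 /* realloc cannot take stack memory */
        if (p == NULL)
            return -1;
        memcpy(p, b->data, b->cap);
    }
    b->data = p; b->cap = need; b->on_heap = 1;
    return 0;
}

void workbuf_free(struct workbuf *b) {
    if (b->on_heap)
        free(b->data);
}

int main(void) {
    char stack[32] = "abc";
    struct workbuf b = { stack, sizeof stack, 0 };
    int rc = workbuf_reserve(&b, SIZE_MAX, 2);  /* constructed hostile size */
    workbuf_free(&b);
    return rc == -1 ? 0 : 1;
}
```

The caller still has to turn a -1 into an error return of its own; a checked allocation only helps if the failure path stops processing instead of continuing with the old capacity.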





Bug#681888: Patch for CVE-2012-3406

2012-09-21 Thread Arne Wichmann
tag 681888 + patch
thanks

There is a fix for CVE-2012-3406 in
https://bugzilla.redhat.com/attachment.cgi?id=594722

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. No one can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (a...@linux.de)

