Bug 1034570 (CVE-2017-7853)

Summary: VUL-0: CVE-2017-7853: libosip2: In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg...
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Ruediger Oertel <ro>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/183651/
Whiteboard: CVSSv2:SUSE:CVE-2017-7853:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2017-7853:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2017-7853:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2017-04-18 07:46:36 UTC
CVE-2017-7853

In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap buffer
overflow in the msg_osip_body_parse() function defined in
osipparser2/osip_message_parse.c, resulting in a remote DoS.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7853
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7853.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
http://www.cvedetails.com/cve/CVE-2017-7853/
http://www.securityfocus.com/bid/97644
https://savannah.gnu.org/support/index.php?109265
Comment 2 Marcus Meissner 2017-04-18 07:49:08 UTC
code is already in SLE11 GA, so considering all affected up to tumbleweed
Comment 3 Ruediger Oertel 2017-04-20 13:48:14 UTC
link in comment#1 leads to 502/bad gateway
Comment 4 Marcus Meissner 2017-04-20 14:25:17 UTC
it works for me as of this time.
Comment 5 Ruediger Oertel 2017-04-20 15:34:43 UTC
yes, it's back by now

rq list:
489638 update libosip2 to 5.0.0 plus fix for bnc#1034570
489635 update for leap42.2 with fixes for bnc#103457[0124]
489634 update for leap42.1 with fixes for bnc#103457[0124]
131561 update for sle12 with fixes for bnc#103457[0124]
131562 update for sle11 with fixes for bnc#103457[0124]
Comment 6 Bernhard Wiedemann 2017-04-20 16:01:20 UTC
This is an autogenerated message for OBS integration:
This bug (1034570) was mentioned in
https://build.opensuse.org/request/show/489634 42.1 / libosip2
https://build.opensuse.org/request/show/489635 42.2 / libosip2
Comment 8 Swamp Workflow Management 2017-04-28 16:10:51 UTC
openSUSE-SU-2017:1127-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1034570,1034571,1034572,1034574
CVE References: CVE-2016-10324,CVE-2016-10325,CVE-2016-10326,CVE-2017-7853
Sources used:
openSUSE Leap 42.2 (src):    libosip2-4.1.0-5.3.1
openSUSE Leap 42.1 (src):    libosip2-4.1.0-5.1
Comment 9 Swamp Workflow Management 2017-05-06 04:09:55 UTC
SUSE-SU-2017:1187-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1034570,1034571,1034572,1034574
CVE References: CVE-2016-10324,CVE-2016-10325,CVE-2016-10326,CVE-2017-7853
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    libosip2-3.5.0-20.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libosip2-3.5.0-20.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libosip2-3.5.0-20.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libosip2-3.5.0-20.1
Comment 10 Swamp Workflow Management 2017-05-06 04:10:57 UTC
SUSE-SU-2017:1188-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1034570,1034571,1034572,1034574
CVE References: CVE-2016-10324,CVE-2016-10325,CVE-2016-10326,CVE-2017-7853
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libosip2-3.1.0-3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libosip2-3.1.0-3.1