Bugzilla – Bug 1010143
VUL-0: CVE-2015-8972: gnuchess: user input buffer overflow
Last modified: 2017-10-26 05:48:46 UTC
CVE-2015-8972 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8972 http://seclists.org/oss-sec/2016/q4/426 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8972.html
http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134 gnuchess 6.2.4 fixed a stack buffer overflow related to user move input, i.e. 160 characters input can crash unpatched gnuchess 6.2.3. # diff -u4 gnuchess-6.2.3/src/frontend/move.cc gnuchess-6.2.4/src/frontend/move.cc --- gnuchess-6.2.3/src/frontend/move.cc 2015-01-01 23:57:25.000000000 +0100 +++ gnuchess-6.2.4/src/frontend/move.cc 2016-09-20 01:12:35.000000000 +0200 @@ -541,8 +541,13 @@ char mvstr[MAXSTR], *p; BitBoard b, b2; leaf *n1, *n2; + /* User input could be longer than MAXSTR */ + if ( strlen(s) >= MAXSTR ) { + s[MAXSTR-1] = '\0'; + } + TreePtr[2] = TreePtr[1]; GenMoves (1); FilterIllegalMoves (1); side = board.side;
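Review bot: the added length check in the hunk at -541/+541 of src/frontend/move.cc truncates over-long input in place (`s[MAXSTR-1] = '\0';`) instead of rejecting it. The first MAXSTR-1 characters of an arbitrarily long string are then parsed as if they were the move the user typed. The write also goes into the caller's buffer, so every caller must pass writable storage. Consider treating `strlen(s) >= MAXSTR` as an invalid move and returning early. Alternatively, bound the copy into `mvstr[MAXSTR]` at the point where it happens. That copy is not visible in this hunk, so it is worth confirming that nothing else fills `mvstr` from unchecked input. The comment would also be clearer if it named `mvstr` as the buffer being protected.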
This is an autogenerated message for OBS integration:
This bug (1010143) was mentioned in
https://build.opensuse.org/request/show/440379 Factory / gnuchess
https://build.opensuse.org/request/show/440382 13.2+42.1+42.2 / gnuchess
openSUSE-SU-2016:2888-1: An update that fixes one vulnerability is now available.
Category: security (low)
Bug References: 1010143
CVE References: CVE-2015-8972
Sources used:
openSUSE Leap 42.2 (src): gnuchess-6.2.1-5.1
openSUSE Leap 42.1 (src): gnuchess-6.2.1-4.1
openSUSE 13.2 (src): gnuchess-6.0.2-6.3.1
released