Bugzilla – Bug 1046998
VUL-0: CVE-2017-10791: pspp: Integer overflow in the hash_int library
Last modified: 2017-08-10 01:12:14 UTC
rh#1467004

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP 0.10.5-pre2. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1467004
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10791
http://www.cvedetails.com/cve/CVE-2017-10791/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10791
Created attachment 734462
pspp-0002-sys-file-reader-Fix-integer-overflows-in-parse_long_.patch

Patch from Fedora, extracted from https://kojipkgs.fedoraproject.org//packages/pspp/0.10.2/5.fc26/src/pspp-0.10.2-5.fc26.src.rpm
I can still reproduce the bug in pspp 0.10.2 even with this upstream patch. Also, I can reproduce it with the latest upstream pspp 0.10.5pre2, which has this patch already.
It showed a lot of warnings, thus I suggested it did not work. But the patches indeed work!

Submitting:
https://build.opensuse.org/request/show/513103 for Leap 42.2
https://build.opensuse.org/request/show/513104 for Leap 42.3
release for Leap, done
openSUSE-SU-2017:2123-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1046997,1046998
CVE References: CVE-2017-10791,CVE-2017-10792
Sources used:
openSUSE Leap 42.3 (src): pspp-0.10.2-5.1
openSUSE Leap 42.2 (src): pspp-0.10.2-2.3.1