Bug 1046998 - (CVE-2017-10791) VUL-0: CVE-2017-10791: pspp: Integer overflow in the hash_int library
VUL-0: CVE-2017-10791: pspp: Integer overflow in the hash_int library
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other openSUSE 42.2
: P3 - Medium : Minor
: ---
Assigned To: Mindaugas Baranauskas
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-07-03 07:37 UTC by Marcus Meissner
Modified: 2017-08-10 01:12 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

pspp-0002-sys-file-reader-Fix-integer-overflows-in-parse_long_.patch (1.64 KB, patch)
2017-07-29 18:52 UTC, Mindaugas Baranauskas
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-07-03 07:37:43 UTC

There is an Integer overflow in the hash_int function of the libpspp library in
GNU PSPP 0.10.5-pre2. For example, a crash was observed within the library code
when attempting to convert invalid SPSS data into CSV format. A crafted input
will lead to a remote denial of service attack.

Comment 1 Mindaugas Baranauskas 2017-07-29 18:52:38 UTC
Created attachment 734462 [details]

Patch from Fedora, extracted from https://kojipkgs.fedoraproject.org//packages/pspp/0.10.2/5.fc26/src/pspp-0.10.2-5.fc26.src.rpm
Comment 2 Mindaugas Baranauskas 2017-07-30 06:55:37 UTC
I can still reproduce bug in pspp 0.10.2 even with this upstream patch.
Also, I can reproduce with latest upstream pspp 0.10.5pre2, that have this patch already
Comment 3 Mindaugas Baranauskas 2017-07-31 03:58:40 UTC
It showed a lot warnings, thus I suggested to not work.
But patches indeed works! Submitting:
https://build.opensuse.org/request/show/513103 for Leap 42.2
https://build.opensuse.org/request/show/513104 for Leap 42.3
Comment 4 Andreas Stieger 2017-08-09 20:10:36 UTC
release for Leap, done
Comment 5 Swamp Workflow Management 2017-08-10 01:12:14 UTC
openSUSE-SU-2017:2123-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1046997,1046998
CVE References: CVE-2017-10791,CVE-2017-10792
Sources used:
openSUSE Leap 42.3 (src):    pspp-0.10.2-5.1
openSUSE Leap 42.2 (src):    pspp-0.10.2-2.3.1