Bug 749073 – VUL-0: CVE-2012-0270: csound: two buffer overflow flaws in getnum()

Bug 749073 - VUL-0: CVE-2012-0270: csound: two buffer overflow flaws in getnum()


Summary:	VUL-0: CVE-2012-0270: csound: two buffer overflow flaws in getnum()

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2012-02-27 09:51 UTC by Matthias Weckbecker
Modified:	2015-02-18 22:17 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Weckbecker 2012-02-27 09:51:07 UTC

Two vulnerabilities have recently been reported in csound:

1) A boundary error within the "getnum()" function (util/heti_main.c)
can be exploited to cause a stack-based buffer overflow via a specially 
crafted hetro file.

2) A boundary error within the "getnum()" function (util/pv_import.c)
can be exploited to cause a stack-based buffer overflow via a specially 
crafted PVOC file.

Reference:
http://secunia.com/secunia_research/2012-3/

Comment 1 Matthias Weckbecker 2012-02-27 09:51:41 UTC

Upstream patch is available at:

http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f

Comment 2 Swamp Workflow Management 2012-02-27 09:53:03 UTC

The SWAMPID for this issue is 45766.
This issue was rated as important.
Please submit fixed packages until 2012-03-05.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 3 Takashi Iwai 2012-02-27 13:16:43 UTC

The fixes for openSUSE 11.3 and 12.1 have been submitted via SRID 101758 and 101759.

For FACTORY, the package was updated to 5.16.6 which has already the fix.  Submitted via SRID 107162.

Comment 4 Bernhard Wiedemann 2012-02-27 14:00:15 UTC

This is an autogenerated message for OBS integration:
This bug (749073) was mentioned in
https://build.opensuse.org/request/show/107158 11.4 / csound
https://build.opensuse.org/request/show/107159 12.1 / csound
https://build.opensuse.org/request/show/107162 Factory / csound

Comment 5 Swamp Workflow Management 2012-02-28 14:46:37 UTC

Update released for: csound
Products:
openSUSE 11.4 (i586, x86_64)

Comment 6 Matthias Weckbecker 2012-02-28 14:47:29 UTC

released

Comment 7 Bernhard Wiedemann 2012-02-29 11:00:35 UTC

This is an autogenerated message for OBS integration:
This bug (749073) was mentioned in
https://build.opensuse.org/request/show/107528 Evergreen:11.2 / libpng12-0
https://build.opensuse.org/request/show/107531 Evergreen:11.2 / csound

Comment 8 Bernhard Wiedemann 2012-03-05 06:00:14 UTC

This is an autogenerated message for OBS integration:
This bug (749073) was mentioned in
https://build.opensuse.org/request/show/107942 Evergreen:11.2 / csound