|
Message-ID: <20110929132540.GJ21938@mars-attacks.org> Date: Thu, 29 Sep 2011 15:25:40 +0200 From: nicolas vigier <boklm@...s-attacks.org> To: oss-security@...ts.openwall.com Subject: Re: rpm/librpm/rpm-python memory corruption pre-verification On Tue, 27 Sep 2011, Tavis Ormandy wrote: > > Hey, after the scary flaws Georgi spotted in apt-get, I had a quick look at > rpm signature verification. Some trivial bitflipping found a few memory > corruption issues. > > Originally I didn't think yum used rpm, but i was wrong, rpm-python is a > native module wrapper that exports librpm to python. I'll step through the > signature verification logic when I get a chance. > > Obviously we need the sections of rpm code touched before signature > verification to be bulletproof, as most distributions rely on public mirror > services that may or may not be trusted. Any volunteers who know crypto > better than me appreciated, I'll be primarily looking for memory corruption. > > https://bugzilla.redhat.com/show_bug.cgi?id=741606 > https://bugzilla.redhat.com/show_bug.cgi?id=741612 Patches on rpm git : http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.