Bugzilla – Bug 923618
VUL-0: CVE-2015-2675: librest: oauth implicit declaration of rest_proxy_call_get_url leads to memory error
Last modified: 2015-03-23 15:47:40 UTC
Via oss-sec: The OAuth implementation in librest, a helper library for RESTful services part of the GNOME project, incorrectly truncates the pointer returned by the rest_proxy_call_get_url function call, leading to an application crash, or worse. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644 Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038 See also: https://bugzilla.redhat.com/show_bug.cgi?id=1183982 The security impact was noted in 2015, although the bug was fixed in 2014. Use CVE-2015-2675.
Affected: <= 0.7.72 Fixed : >= 0.7.93 openSUSE:13.1 librest 0.7.90 affected openSUSE:13.2 librest 0.7.92 not affected (librest-missing-include.patch) openSUSE:Factory librest 0.7.93 fixed
This would need to be developed in to a reproducer: https://bugzilla.gnome.org/show_bug.cgi?id=742644#c0
(In reply to Andreas Stieger from comment #1) > Affected: <= 0.7.72 > Fixed : >= 0.7.93 > > openSUSE:13.1 librest 0.7.90 affected > openSUSE:13.2 librest 0.7.92 not affected (librest-missing-include.patch) > openSUSE:Factory librest 0.7.93 fixed Checked code again...Correction: Not affected: < 0.7.92 Affected: = 0.7.92 Fixed : >= 0.7.93 The header inclusion has been removed in 0.7.92 only. Does however not affect openSUSE 13.2 as a patch was added to fix the warning-error. Does not affect SLE 12.
(In reply to Andreas Stieger from comment #4) > Not affected: < 0.7.92 > Affected: = 0.7.92 > Fixed : >= 0.7.93 > > The header inclusion has been removed in 0.7.92 only. Does however not > affect openSUSE 13.2 as a patch was added to fix the warning-error. Let's praise our brp check to catching that in first place.