libksba: CVE-2014-9087: buffer overflow in ksba_oid_to_str

Related Vulnerabilities: CVE-2014-9087  

Debian Bug report logs - #770972

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 25 Nov 2014 15:18:13 UTC

Severity: grave

Tags: fixed-upstream, patch, security, upstream

Found in versions libksba/1.2.0-2, libksba/1.3.1-1

Fixed in versions libksba/1.3.2-1, libksba/1.2.0-2+deb7u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#770972; Package src:libksba. (Tue, 25 Nov 2014 15:18:18 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Tue, 25 Nov 2014 15:18:18 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libksba: buffer overflow in ksba_oid_to_str
Date: Tue, 25 Nov 2014 16:17:34 +0100
Source: libksba
Version: 1.3.1-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi all,

Today a new upstream release for Libksba was announced, addressing in
particular the following:

> Impact of the security bug
> ==========================
>
> By using specially crafted S/MIME messages or ECC based OpenPGP data, it
> is possible to create a buffer overflow.  The bug is not easy to exploit
> because there are only 80 possible values which can be used to overwrite
> memory.  However, a denial of service is possible and someone may come
> up with other clever attacks.  Thus this should be fixed.
>
> Affected versions: All Libksba versions < 1.3.2
>
> Background: Yesterday Hanno Böck found an invalid memory access in the
> 2.1 branch of GnuPG by conveying a malformed OID as part of an ECC key.
> It turned out that this bug has also been in libksba ever since and
> affects at least gpgsm and dirmngr.  The code to convert an OID to its
> string representation has an obvious error of not considering an invalid
> encoding for arc-2.  A first byte of 0x80 can be used to make a value of
> less than 80 and we then subtract 80 from it as required by the OID
> encoding rules.  Due to the use of an unsigned integer this results in a
> pretty long value which won't fit anymore into the allocated buffer.
> The actual fix for Libksba is commit f715b9e.

Announce: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
Upstream fix: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7

Regards,
Salvatore
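
The arc-2 error described in the quoted announcement, as an added example that is not part of the original report and is not libksba's code. `naive_arc2` reproduces only the unchecked unsigned subtraction, and `oid_to_str` is an illustrative hardened decoder that rejects a leading 0x80 and branches on the decoded value; both function names and signatures are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern from the advisory, reduced to its arithmetic (needs len >= 1):
   accumulate base-128 bytes, then subtract 80 from an unsigned value unchecked. */
unsigned long naive_arc2(const unsigned char *p, size_t len)
{
    unsigned long v = 0;
    size_t i = 0;
    do {
        v = (v << 7) | (p[i] & 0x7f);
    } while ((p[i++] & 0x80) && i < len);
    return v - 80;                      /* wraps when v < 80, e.g. bytes 80 01 */
}

/* Read one subidentifier at p[*i]; returns 0 on success, -1 on invalid encoding. */
static int read_subid(const unsigned char *p, size_t len, size_t *i, unsigned long *val)
{
    unsigned long v = 0;
    if (*i >= len || p[*i] == 0x80) return -1;  /* empty, or leading 0x80 padding */
    for (;;) {
        if (v > (ULONG_MAX >> 7)) return -1;    /* next shift would overflow */
        v = (v << 7) | (p[*i] & 0x7f);
        if (!(p[(*i)++] & 0x80)) break;         /* high bit clear: last byte */
        if (*i >= len) return -1;               /* continuation bit on final byte */
    }
    *val = v;
    return 0;
}

/* Hardened conversion: 0 and a dotted string in out, or -1 on a bad OID or short buffer. */
int oid_to_str(const unsigned char *der, size_t len, char *out, size_t outsz)
{
    size_t i = 0, used = 0;
    unsigned long v;
    int n, first = 1;
    while (first || i < len) {
        if (read_subid(der, len, &i, &v)) return -1;
        if (!first)      n = snprintf(out + used, outsz - used, ".%lu", v);
        else if (v < 40) n = snprintf(out, outsz, "0.%lu", v);
        else if (v < 80) n = snprintf(out, outsz, "1.%lu", v - 40);
        else             n = snprintf(out, outsz, "2.%lu", v - 80);  /* v >= 80: no wrap */
        if (n < 0 || (size_t)n >= outsz - used) return -1;           /* output truncated */
        used += (size_t)n;
        first = 0;
    }
    return 0;
}
```

Every write goes through `snprintf` with the remaining space, so even an input that passes validation cannot run past the caller's buffer.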



Marked as found in versions libksba/1.2.0-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2014 15:45:04 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#770972; Package src:libksba. (Tue, 25 Nov 2014 18:15:13 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. (Tue, 25 Nov 2014 18:15:13 GMT).


Message #12 received at 770972@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 770972@bugs.debian.org
Subject: Re: Bug#770972: libksba: buffer overflow in ksba_oid_to_str
Date: Tue, 25 Nov 2014 19:11:25 +0100
Hi

Attached both debdiffs for wheezy-security and unstable using the
upstream patch.

Regards,
Salvatore
[libksba_1.2.0-2+deb7u1.debdiff (text/plain, attachment)]
[libksba_1.3.1-1.1.debdiff (text/plain, attachment)]

Reply sent to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility. (Tue, 25 Nov 2014 19:21:09 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 25 Nov 2014 19:21:09 GMT).


Message #17 received at 770972-close@bugs.debian.org:

From: Andreas Metzler <ametzler@debian.org>
To: 770972-close@bugs.debian.org
Subject: Bug#770972: fixed in libksba 1.3.2-1
Date: Tue, 25 Nov 2014 19:19:37 +0000
Source: libksba
Source-Version: 1.3.2-1

We believe that the bug you reported is fixed in the latest version of
libksba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770972@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated libksba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 25 Nov 2014 20:05:54 +0100
Source: libksba
Binary: libksba-dev libksba8
Architecture: source i386
Version: 1.3.2-1
Distribution: unstable
Urgency: high
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description:
 libksba-dev - X.509 and CMS support library - development files
 libksba8   - X.509 and CMS support library
Closes: 770972
Changes:
 libksba (1.3.2-1) unstable; urgency=high
 .
   * New upstream security release, fixing a buffer overflow in ksba_oid_to_str
     in Libksba. Closes: #770972




Changed Bug title to 'libksba: CVE-2014-9087: buffer overflow in ksba_oid_to_str' from 'libksba: buffer overflow in ksba_oid_to_str' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 26 Nov 2014 08:00:17 GMT).


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 30 Nov 2014 23:21:37 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 30 Nov 2014 23:21:37 GMT).


Message #24 received at 770972-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 770972-close@bugs.debian.org
Subject: Bug#770972: fixed in libksba 1.2.0-2+deb7u1
Date: Sun, 30 Nov 2014 23:17:06 +0000
Source: libksba
Source-Version: 1.2.0-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
libksba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770972@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libksba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 26 Nov 2014 09:09:22 +0100
Source: libksba
Binary: libksba-dev libksba8
Architecture: source amd64
Version: 1.2.0-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 libksba-dev - X.509 and CMS support library - development files
 libksba8   - X.509 and CMS support library
Closes: 770972
Changes:
 libksba (1.2.0-2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add 0001-Fix-buffer-overflow-in-ksba_oid_to_str.patch patch.
     CVE-2014-9087: Fix buffer overflow in ksba_oid_to_str. (Closes: #770972)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Jan 2015 07:33:07 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:27:24 2019; Machine Name: buxtehude
