[putty] Fixed integer overflow
Jaroslav Škarvada
jskarvad at fedoraproject.org
Mon Aug 5 13:52:07 UTC 2013
commit 50eac02aaac70866d3b22c9a41e92d74b84976e0
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Mon Aug 5 15:51:57 2013 +0200
Fixed integer overflow
Resolves: CVE-2013-4852
- Fixed bogus dates in changelog (best estimated)
putty-CVE-2013-4852.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
putty.spec | 17 ++++++++++++-----
2 files changed, 55 insertions(+), 5 deletions(-)
---
diff --git a/putty-CVE-2013-4852.patch b/putty-CVE-2013-4852.patch
new file mode 100644
index 0000000..9cc39af
--- /dev/null
+++ b/putty-CVE-2013-4852.patch
@@ -0,0 +1,43 @@
+--- putty/import.c 2013/07/07 14:34:37 9895
++++ putty/import.c 2013/07/08 22:36:04 9896
+@@ -290,7 +290,7 @@
+ if (len < 4)
+ goto error;
+ bytes = GET_32BIT(d);
+- if (len < 4+bytes)
++ if (bytes < 0 || len-4 < bytes)
+ goto error;
+
+ ret->start = d + 4;
+--- putty/sshdss.c 2013/07/07 14:34:37 9895
++++ putty/sshdss.c 2013/07/08 22:36:04 9896
+@@ -43,6 +43,8 @@
+ if (*datalen < 4)
+ return;
+ *length = GET_32BIT(*data);
++ if (*length < 0)
++ return;
+ *datalen -= 4;
+ *data += 4;
+ if (*datalen < *length)
+@@ -98,7 +100,7 @@
+ }
+ #endif
+
+- if (!p || memcmp(p, "ssh-dss", 7)) {
++ if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
+ sfree(dss);
+ return NULL;
+ }
+--- putty/sshrsa.c 2013/07/07 14:34:37 9895
++++ putty/sshrsa.c 2013/07/08 22:36:04 9896
+@@ -526,6 +526,8 @@
+ if (*datalen < 4)
+ return;
+ *length = GET_32BIT(*data);
++ if (*length < 0)
++ return;
+ *datalen -= 4;
+ *data += 4;
+ if (*datalen < *length)
+
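Review bot: the "*length < 0" checks added in the sshdss.c hunk at -43 and the sshrsa.c hunk at -526 only reject an oversized length field if *length is a signed int and the 32-bit value read by GET_32BIT becomes negative on assignment. That dependency is nowhere stated in the patch. A short comment at each check, or an explicit comparison of the unsigned value against the remaining *datalen before it is stored, would make the bound independent of the conversion. The early return also leaves *length holding the negative value, so every caller has to test the returned pointer before using the length, as the "!p ||" test in the -98 hunk does. Separately, sshdss.c gains "slen != 7" before the memcmp against "ssh-dss", but the sshrsa.c part of this patch has no matching change; please confirm whether the key-type comparison there needs the same length guard. The import.c rewrite to "len-4 < bytes" is safe because the preceding "len < 4" test rules out underflow in the subtraction.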
diff --git a/putty.spec b/putty.spec
index 621eac0..092fa12 100644
--- a/putty.spec
+++ b/putty.spec
@@ -1,6 +1,6 @@
Name: putty
Version: 0.62
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: SSH, Telnet and Rlogin client
License: MIT
Group: Applications/Internet
@@ -9,6 +9,7 @@ Source0: http://the.earth.li/~sgtatham/putty/latest/%{name}-%{version}.tar.gz
Source2: %{name}.desktop
# By default create new files as non-executables
Patch0: putty-perms.patch
+Patch1: putty-CVE-2013-4852.patch
BuildRequires: gtk2-devel krb5-devel halibut desktop-file-utils
BuildRequires: ImageMagick
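Review bot: the new Patch1 line has no comment, while Patch0 directly above it carries one describing its purpose. The patch header shows the change is taken from upstream revisions 9895 to 9896 of import.c, sshdss.c and sshrsa.c; a one-line comment above Patch1 naming that upstream revision and the CVE would tell the next maintainer that the patch can be dropped once the package moves to a release containing it.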
@@ -19,6 +20,7 @@ Putty is a SSH, Telnet & Rlogin client - this time for Linux.
%setup -q
%patch0 -p1
+%patch1 -p1 -b .CVE-2013-4852
%build
./mkfiles.pl
@@ -58,6 +60,11 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Mon Aug 5 2013 Jaroslav Škarvada <jskarvad at redhat.com> - 0.62-6
+- Fixed integer overflow
+ Resolves: CVE-2013-4852
+- Fixed bogus dates in changelog (best estimated)
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.62-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
@@ -110,7 +117,7 @@ rm -rf $RPM_BUILD_ROOT
- Macro-ized Source filenames
- Cleanup of spaces/tabs to eliminate rpmlint warnings
-* Mon Aug 27 2006 Michael J. Knox <michael[AT]knox.net.nz> - 0.58-3
+* Sun Aug 27 2006 Michael J. Knox <michael[AT]knox.net.nz> - 0.58-3
- Rebuild for FC6
* Wed May 03 2006 Michael J. Knox <michael[AT]knox.net.nz> - 0.58-2
@@ -119,13 +126,13 @@ rm -rf $RPM_BUILD_ROOT
* Tue Apr 19 2005 Adrian Reber <adrian at lisas.de> - 0.58-1
- Updated to 0.58
-* Tue Feb 29 2005 Adrian Reber <adrian at lisas.de> - 0.57-2
+* Tue Mar 01 2005 Adrian Reber <adrian at lisas.de> - 0.57-2
- fix build with gcc4
* Mon Feb 21 2005 Adrian Reber <adrian at lisas.de> - 0.57-1
- Updated to 0.57
-* Tue Oct 28 2004 Adrian Reber <adrian at lisas.de> - 0.56-0.fdr.1
+* Tue Oct 26 2004 Adrian Reber <adrian at lisas.de> - 0.56-0.fdr.1
- Updated to 0.56 (bug #2209)
* Fri Aug 6 2004 Ville Skyttä <ville.skytta at iki.fi> - 0:0.55-0.fdr.2
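Review bot: the two corrections in this hunk keep the weekday and move the day of the month (Feb 29 to Mar 01 2005, Oct 28 to Oct 26 2004), whereas the 2006 and 2003 corrections elsewhere in the patch keep the date and change the weekday. Feb 29 2005 did not exist, so that entry had to move, but for the 0.56 entry either field could have been the wrong one. Since the commit message calls these best estimates, it would help to say which field was treated as authoritative, or to check the original commit dates in the package history.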
@@ -134,7 +141,7 @@ rm -rf $RPM_BUILD_ROOT
* Thu Aug 05 2004 Andreas Pfaffeneder <fedora at zuhause-local.de> 0:0.55.fdr.1
- Update to 0.55 due to security problem (CORE-2004-0705).
-* Mon Nov 18 2003 Andreas Pfaffeneder <fedora at zuhause-local.de> 0:0.0-0.fdr.2.20030821
+* Tue Nov 18 2003 Andreas Pfaffeneder <fedora at zuhause-local.de> 0:0.0-0.fdr.2.20030821
- Add desktop-file-utils to build requires
* Sun Aug 24 2003 Adrian Reber <adrian at lisas.de> 0:0.0-0.fdr.1.20030821