Bug#781044: Bug#781043: monopd/libcapsinetwork: CVE-2015-0841: off-by-one error in network code
Sylvain Rochet
gradator at gradator.net
Mon Mar 23 21:10:26 UTC 2015

Hello Markus and Niko,

On Mon, Mar 23, 2015 at 08:38:49PM +0100, Markus Koschany wrote:
> Hello,
>
> On 23.03.2015 19:42, Niko Tyni wrote:
> [...]
> > There's an off-by-one error in libcapsinetwork network handling code,
> > which was merged into monopd in version 0.9.4.
>
> Thanks for the report.
>
> [...]
> > I have informed the monopd upstream maintainer, Sylvain Rochet, about this.
> > His suggested patch was
> >
> > - char *readBuf = new char[MAXLINE];
> > + char *readBuf = new char[MAXLINE+1]; // MAXLINE + '\0'
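Review bot: On the + line the buffer size becomes the bare expression MAXLINE+1, and only the trailing comment explains why. The read call that fills readBuf and the statement that writes the '\0' are not part of this change, so both should be checked to confirm the read is still limited to MAXLINE bytes and the terminator lands at index MAXLINE at most. A single named constant for the buffer size, used by both the allocation and the read limit, would keep the two from drifting apart again.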
> >
> > The issue is present in at least
> >
> > monopd_0.9.7-2 (jessie/sid, embeds the code)
>
> Since upstream and the security team agree that this is not exploitable
> and thus not release critical, I suggest to fix this bug only in sid and
> stretch.

Now that the CVE is public, I released monopd 0.9.8 containing:

Peter Pentchev (2):
      Check for libsystemd in preference to libsystemd-daemon.
      Fix a couple of typographical and grammatical errors.

Sylvain Rochet (2):
      fixed CVE-2015-0841: off-by-one error in network code
      systemd: it is not allowed to create a stand-alone Description field, moved to [Unit] section

http://download.tuxfamily.org/gtkatlantic/monopd/monopd-0.9.8.tar.gz
http://download.tuxfamily.org/gtkatlantic/monopd/monopd-0.9.8.tar.gz.sha256sum
http://download.tuxfamily.org/gtkatlantic/monopd/monopd-0.9.8.tar.gz.asc

> My original intention was to ask for the removal of libcapsinetwork
> during the release cycle of stretch because the library seemed stable
> and reliable enough to warrant another inclusion in Debian stable. Given
> the fact that libcapsinetwork only supports IPv4 and the network code
> (including IPv6 support) is already included in monopd, we could also
> ask for the removal right now.
>
> If there are no objections, I will go ahead and ask the ftp team to
> remove libcapsinetwork from Debian (including Jessie).

I agree too, I actually asked for it ;-)

Sylvain