Re: rpm/librpm/rpm-python memory corruption pre-verification

[yersinia <yersinia.spiros () gmail com>]

On Tue, Sep 27, 2011 at 8:52 PM, Tavis Ormandy <taviso () cmpxchg8b com> wrote:

> Hey, after the scary flaws Georgi spotted in apt-get, I had a quick look at
> rpm signature verification. Some trivial bitflipping found a few memory
> corruption issues.
>
> Originally I didn't think yum used rpm, but i was wrong, rpm-python is a
> native module wrapper that exports librpm to python. I'll step through the
> signature verification logic when I get a chance.
>
> Obviously we need the sections of rpm code touched before signature
> verification to be bulletproof, as most distributions rely on public mirror
> services that may or may not be trusted. Any volunteers who know crypto
> better than me appreciated, I'll be primarily looking for memory
> corruption.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=741606
> https://bugzilla.redhat.com/show_bug.cgi?id=741612
>
> These bugs don't affect IMHO rpm5 : i have updated the bugzilla with these
infos. Best Regards

> Tavis.
>
> --
> -------------------------------------
> taviso () cmpxchg8b com | pgp encrypted mail preferred
> -------------------------------------------------------