oss-sec mailing list archives
Re: rpm/librpm/rpm-python memory corruption pre-verification
From: yersinia <yersinia.spiros () gmail com>
Date: Wed, 28 Sep 2011 13:07:58 +0200
On Tue, Sep 27, 2011 at 8:52 PM, Tavis Ormandy <taviso () cmpxchg8b com> wrote:
Hey, after the scary flaws Georgi spotted in apt-get, I had a quick look at rpm signature verification. Some trivial bitflipping found a few memory corruption issues. Originally I didn't think yum used rpm, but i was wrong, rpm-python is a native module wrapper that exports librpm to python. I'll step through the signature verification logic when I get a chance. Obviously we need the sections of rpm code touched before signature verification to be bulletproof, as most distributions rely on public mirror services that may or may not be trusted. Any volunteers who know crypto better than me appreciated, I'll be primarily looking for memory corruption. https://bugzilla.redhat.com/show_bug.cgi?id=741606 https://bugzilla.redhat.com/show_bug.cgi?id=741612 These bugs don't affect IMHO rpm5 : i have updated the bugzilla with these
infos. Best Regards
Tavis. -- ------------------------------------- taviso () cmpxchg8b com | pgp encrypted mail preferred -------------------------------------------------------
Current thread:
- rpm/librpm/rpm-python memory corruption pre-verification Tavis Ormandy (Sep 27)
- Re: rpm/librpm/rpm-python memory corruption pre-verification yersinia (Sep 28)
- Re: rpm/librpm/rpm-python memory corruption pre-verification nicolas vigier (Sep 29)