oss-sec mailing list archives
Re: CVE Request - Slim 1.3.6 fixes a security issue
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 09 Oct 2013 11:06:14 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/09/2013 07:03 AM, mancha wrote:
Hello Kurt, vendors, et al. Slim 1.3.6 fixes a security flaw related to a potential NULL ptr. dereference when using crypt() from glibc 2.17+ (eglibc 2.17+). Without the fix, malformed or unsupported salts crash the login daemon. Upstream fix: http://git.berlios.de/cgi- bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
b
Would you please allocate a CVE for this issue? Regards, --mancha
Please use CVE-2013-4412 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSVY0FAAoJEBYNRVNeJnmTmBUQAI7mc7UsIOY00ZgioN9vK+3T rkEsqaWceujRSMZY/f8hrjmVZvwqQ0ycRTXVZ2GZtYVnGLz2gYGnWB9pR3FBNZ+E L8XJuBW4ShjVkxuHIZRnWgijB97o3epKRKAKWIipIRYmqtGw9R1Bu4lTebyV3vTt TPzsfhC+6VZjtbCPZDr899pWKsRv8CAM2zKLPkjuhEzyQ6BZAK/BiBRDGsseM6Po dTwycNHnzJcZ+mzb59WYwAloe8LpJXEzzc7XNLCjvGijMd1F6ID4fy4gnlKJ45pN XbnHf0jYlGvOTxAdic9x32r0x5KtMpwqzLukmKoBkntdlBEoLOID4xWy8yBdNGIu hZ16HBJarcnGmnzbSeHbhcJ+DW9n782qCoUMZTqdHWVysLXmDfdnoJGjdp9oHRq7 gEKWtur3y30s8IBjG7kNesdTniOG7ZEA2pZ5S2zLA0AOPc7A7ogBuVjdefGOB6Er huvz+as5wgpS/mI7pBfsptrlpaXe1M/aZm90WZf+Q7MFXcvFifDCia1haahwL7nc 5CiICKV1hlASMfuAEFsdhcTrdZ+fEM8Z3nsa27BPUDUuIOCqNSdPUHxD9CzPPjuT KysGsdtEgbe498LUMC6trtidDFeKMcUqPlCXtBK0z2zi8cJ6WN+VJTqe0oKWGSql rWPIGof4/DH1P5A3qIzh =aKYM -----END PGP SIGNATURE-----
Current thread:
- CVE Request - Slim 1.3.6 fixes a security issue mancha (Oct 09)
- Re: CVE Request - Slim 1.3.6 fixes a security issue Kurt Seifried (Oct 09)