FS#44017 - [grep] CVE-2015-1345: heap buffer out-of-bounds read / denial of service
Attached to Project:
Arch Linux
Opened by Levente Polyak (anthraxx) - Monday, 02 March 2015, 14:51 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 02 March 2015, 21:56 GMT
Details
It has been reported [0] that grep <= 2.21 is suffering
from a heap buffer out-of-bounds read which results in a crash
(denial of service).
This issue is tracked as CVE-2015-1345 [1] and an upstream patch [2] is available. I have attached a fixed PKGBUILD for convenience.
[0] http://seclists.org/oss-sec/2015/q1/179
[1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1345
[2] http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
Closed by Sébastien Luttringer (seblu)
Monday, 02 March 2015, 21:56 GMT
Reason for closing: Fixed
Additional comments about closing: grep-2.21-2
Comment by Sébastien Luttringer (seblu) - Monday, 02 March 2015, 21:55 GMT
I didn't use the provided patch because it doesn't build in a
clean chroot. automake was missing or a lighter patch without
touching makefiles does the job.