Bug 250971 - textproc/raptor2 heap overflow
Summary: textproc/raptor2 heap overflow
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-kde (group)
URL: https://www.openwall.com/lists/oss-se...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2020-11-09 01:39 UTC by Don Lewis
Modified: 2020-11-09 16:49 UTC (History)
2 users (show)

See Also:
tcberner: maintainer-feedback+


Attachments
patch to fix CVE-2017-18926 (2.70 KB, patch)
2020-11-09 01:53 UTC, Don Lewis
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Don Lewis freebsd_committer freebsd_triage 2020-11-09 01:39:55 UTC
According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are two heap overflows in raptor 2.0.15.

A CVE has been assigned:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

The upstream raptor github repo has a patch:
  https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch
Comment 1 Don Lewis freebsd_committer freebsd_triage 2020-11-09 01:53:14 UTC
Created attachment 219478 [details]
patch to fix CVE-2017-18926
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-11-09 05:28:48 UTC
A commit references this bug:

Author: tcberner
Date: Mon Nov  9 05:28:06 UTC 2020
New revision: 554670
URL: https://svnweb.freebsd.org/changeset/ports/554670

Log:
  Document vulnerability in textproc/raptor2

  From [1], [2], [3]:
  raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
  Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
  writer, leading to heap-based buffer overflows (sometimes seen in
  raptor_qname_format_as_xml).

  [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
  [2] https://www.debian.org/security/2020/dsa-4785
  [3] https://www.openwall.com/lists/oss-security/2017/06/07/1

  PR:		250971
  Security:	CVE-2017-18926

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-11-09 05:30:50 UTC
A commit references this bug:

Author: tcberner
Date: Mon Nov  9 05:30:11 UTC 2020
New revision: 554671
URL: https://svnweb.freebsd.org/changeset/ports/554671

Log:
  textproc/raptor2 heap overflow

  According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are
  two heap overflows in raptor 2.0.15.

  A CVE has been assigned:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

  The upstream raptor github repo has a patch:
    https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch

  PR:		250971
  Submitted by:	truckman
  MFH:		2020Q4
  Security:	CVE-2017-18926

Changes:
  head/textproc/raptor2/Makefile
  head/textproc/raptor2/files/
  head/textproc/raptor2/files/patch-CVE-2017-18926
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-11-09 16:48:28 UTC
A commit references this bug:

Author: tcberner
Date: Mon Nov  9 16:47:47 UTC 2020
New revision: 554732
URL: https://svnweb.freebsd.org/changeset/ports/554732

Log:
  MFH: r554671

  textproc/raptor2 heap overflow

  According to https://www.openwall.com/lists/oss-security/2017/06/07/1 there are
  two heap overflows in raptor 2.0.15.

  A CVE has been assigned:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926

  The upstream raptor github repo has a patch:
    https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f.patch

  PR:		250971
  Submitted by:	truckman
  Security:	CVE-2017-18926

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/textproc/raptor2/Makefile
  branches/2020Q4/textproc/raptor2/files/
Comment 5 Tobias C. Berner freebsd_committer freebsd_triage 2020-11-09 16:49:56 UTC
Committed, thanks for the patch.

mfg Tobias