rpms/kdebase/F-8 post-3.5.8-kdebase-kdm.diff, NONE, 1.1 kdebase.spec, 1.284, 1.285

Than Ngo (than) fedora-extras-commits at redhat.com
Mon Jan 28 12:37:43 UTC 2008


Author: than

Update of /cvs/extras/rpms/kdebase/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7773

Modified Files:
	kdebase.spec 
Added Files:
	post-3.5.8-kdebase-kdm.diff 
Log Message:
kdm: local DoS vulnerability, CVE-2007-5963


post-3.5.8-kdebase-kdm.diff:

--- NEW FILE post-3.5.8-kdebase-kdm.diff ---
--- kdm/backend/inifile.c
+++ kdm/backend/inifile.c
@@ -37,6 +37,7 @@
 #include "dm_error.h"
 
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
@@ -47,17 +48,27 @@
 {
 	char *data;
 	int fd, len;
+	struct stat st;
 
 	if ((fd = open( fname, O_RDONLY | O_NONBLOCK )) < 0) {
 		Debug( "cannot open ini-file %\"s: %m", fname );
 		return 0;
 	}
-	len = lseek( fd, 0, SEEK_END );
+	if (fstat( fd, &st ) || !S_ISREG( st.st_mode )) {
+		LogWarn( "Ini-file %\"s is no regular file\n", fname );
+		close( fd );
+		return 0;
+	}
+	if (st.st_size >= 0x10000) {
+		LogWarn( "Ini-file %\"s is too big\n", fname );
+		close( fd );
+		return 0;
+	}
+	len = st.st_size;
 	if (!(data = Malloc( len + 2 ))) {
 		close( fd );
 		return 0;
 	}
-	lseek( fd, 0, SEEK_SET );
 	if (read( fd, data, len ) != len) {
 		Debug( "cannot read ini-file %\"s: %m", fname );
 		free( data );
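Review bot: The combined test `if (fstat( fd, &st ) || !S_ISREG( st.st_mode ))` logs "is no regular file" even when fstat() itself failed, so the errno is lost and the warning misleads whoever triages it. Handling the fstat failure in its own branch, with a message like `LogWarn( "Cannot stat ini-file %\"s: %m\n", fname );`, keeps the two causes apart; this assumes LogWarn accepts `%m` the way the Debug calls here do. The bound `0x10000` is what stops an oversized file from driving the `Malloc( len + 2 )` and the read, so it deserves a named constant and a comment such as `/* cap ini-file size so an oversized file cannot force a large allocation */`. The function's signature and the rest of its body are outside the hunk.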


Index: kdebase.spec
===================================================================
RCS file: /cvs/extras/rpms/kdebase/F-8/kdebase.spec,v
retrieving revision 1.284
retrieving revision 1.285
diff -u -r1.284 -r1.285
--- kdebase.spec	14 Jan 2008 13:21:22 -0000	1.284
+++ kdebase.spec	28 Jan 2008 12:37:06 -0000	1.285
@@ -22,7 +22,7 @@
 %endif
 
 Version: 3.5.8
-Release: 30%{?dist}
+Release: 31%{?dist}
 
 %if 0%{?fedora} > 8
 Name: kdebase3
@@ -104,6 +104,8 @@
 Patch203: kdebase-3.5.8-gcc43.patch
 
 # security fixes
+# KDM local DoS vulnerability, CVE-2007-5963
+Patch1000: post-3.5.8-kdebase-kdm.diff
 
 %if 0%{?libs}
 Requires: %{name}-libs = %{?epoch:%{epoch}:}%{version}-%{release}
@@ -322,6 +324,8 @@
 %patch202 -p4 -b .gtk212
 %patch203 -p0 -b .gcc43
 
+%patch1000 -p0 -b .CVE-2007-5963
+
 %if "%{name}" != "kdebase"
 # hacks to omit stuff that doesn't support DO_NOT_COMPILE
 sed -i -e 's|^FONTINST_SUBDIR=kfontinst|#FONTINST_SUBDIR=kfontinst|' kcontrol/Makefile.am
@@ -810,6 +814,9 @@
 
 
 %changelog
+* Mon Jan 28 2008 Than Ngo <than at redhat.com> 3.5.8-31
+- kdm: local DoS vulnerability, CVE-2007-5963
+
 * Wed Jan 09 2008 Rex Dieter <rdieter[AT]fedoraproject.org> - 3.5.8-30
 - f9+: omit kcontrol/kfontinst
 



