Steffen Joeris
2008-Jul-17 12:42 UTC
[Secure-testing-team] Bug#491182: byacc: CVE-2008-3196: out of bound access
Package: byacc
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

Quoting an email[0] from Jan Lieskovsky about CVE-2008-3196.

Description of problem:
======================
Otto Moerbeck has reported the following potential out of bounds of the
allocated stack access in the yacc binary:

Fix a venerable bug: if we're reducing a rule that has an empty
right hand side and the yacc stackpointer is pointing at the very
end of the allocated stack, we end up accessing the stack out of
bounds by the implicit $$ = $1 action. Detected by my new malloc,
experienced by sturm@ on sparc64; ok deraadt@

Public mention of this issue:
============================
http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2

Proposed OpenBSD patch:
======================
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&r2=1.29

When you fix this issue, please mention the CVE id in your changelog and
upload with high urgency, so the packages reach testing quickly.

Cheers
Steffen

[0]: http://www.openwall.com/lists/oss-security/2008/07/15/3
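
The index arithmetic behind the report, as an added example that is not part of the original message and is not byacc's or OpenBSD's skeleton code. It models the value stack as a fixed array and shows why an unconditional `$$ = $1` reads one slot past the allocation when an empty rule is reduced with the stack pointer on the last slot, next to one guarded form; `STACK_SLOTS`, the `int` value type and all function names are assumptions made for the illustration.

```c
/* Added illustration: a toy model of a yacc value stack, not byacc's skeleton.c. */
#include <stdio.h>
#include <string.h>

#define STACK_SLOTS 4   /* assumed allocation size for the demo */
typedef int YYSTYPE;    /* assumed semantic value type */

/* Constructed sample stack contents; slot 3 is the last allocated slot. */
static const YYSTYPE full[STACK_SLOTS] = { 10, 20, 30, 40 };

/* With `top` the index of the topmost value, $1 of a rule with rhs_len
 * symbols sits at top + 1 - rhs_len (yyvsp[1 - yym] in yacc terms). */
static int dollar1_index(int top, int rhs_len)
{
    return top + 1 - rhs_len;
}

/* 1 if an unconditional "$$ = $1" would read outside the allocation. */
static int unguarded_read_is_oob(int top, int rhs_len)
{
    int i = dollar1_index(top, rhs_len);
    return i < 0 || i >= STACK_SLOTS;
}

/* Guarded default action: copy $1 only when the rule has a right-hand side. */
static YYSTYPE guarded_default_action(const YYSTYPE *slot, int top, int rhs_len)
{
    YYSTYPE val;
    if (rhs_len > 0)
        val = slot[dollar1_index(top, rhs_len)];
    else
        memset(&val, 0, sizeof val);   /* empty rule: there is no $1 */
    return val;
}

int main(void)
{
    int top = STACK_SLOTS - 1;         /* stack pointer at the very end */
    printf("empty rule, full stack: oob=%d\n", unguarded_read_is_oob(top, 0));
    printf("two-symbol rule:        oob=%d\n", unguarded_read_is_oob(top, 2));
    printf("guarded, empty rule:    $$=%d\n", guarded_default_action(full, top, 0));
    printf("guarded, two symbols:   $$=%d\n", guarded_default_action(full, top, 2));
    return 0;
}
```

When the stack is not full, the same empty-rule read stays inside the allocation and simply picks up whatever value is in the slot above the top, which is why the bug only shows up under an allocator that places the stack end next to unmapped memory.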