CVE-2018-18751: gettext: double free in default_add_message

Bug #1881426 reported by Ghada Khalil
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Poornima Y N

Bug Description

CVE-2018-18751: gettext: double free in default_add_message

CVSSv2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Description:
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

References:
https://nvd.nist.gov/vuln/detail/CVE-2018-18751

https://access.redhat.com/errata/RHSA-2020:1138
https://<email address hidden>/msg05941.html

The new RPMs are:
gettext-0.19.8.1-3.el7.x86_64.rpm
gettext-libs-0.19.8.1-3.el7.x86_64.rpm
gettext-devel-0.19.8.1-3.el7.x86_64.rpm
gettext-common-devel-0.19.8.1-3.el7.noarch.rpm

gettext-0.19.8.1-3.el7.src.rpm

Reported By: StarlingX May 2020 CVE Scan
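
As an added example (not part of the bug report or of the StarlingX fix), the following Python check parses `rpm -qa` output and flags gettext packages that are older than the fixed build listed above. It ports rpm's own rpmvercmp() so that releases such as 2.el7 and 10.el7 compare numerically rather than as strings, and so that '~' pre-release and '^' post-release markers are ordered the way rpm orders them. The sample `rpm -qa` output is constructed, and the pre-fix NVR 0.19.8.1-2.el7 in it is an assumption, not something the report states.

```python
import re

# Fixed CentOS 7 builds from RHSA-2020:1138, as listed in the bug report.
FIXED_VR = {name: "0.19.8.1-3.el7" for name in
            ("gettext", "gettext-libs", "gettext-devel", "gettext-common-devel")}

# Constructed `rpm -qa` sample: two packages on an assumed pre-fix build
# (0.19.8.1-2.el7, not taken from the report), two on the fixed build.
SAMPLE_RPM_QA = """\
gettext-0.19.8.1-2.el7.x86_64
gettext-libs-0.19.8.1-2.el7.x86_64
gettext-devel-0.19.8.1-3.el7.x86_64
gettext-common-devel-0.19.8.1-3.el7.noarch
glibc-2.17-317.el7.x86_64
"""

_SKIP = re.compile(r"[^0-9A-Za-z~^]*")          # separators rpm ignores
_DIGITS, _ALPHA = re.compile(r"[0-9]+"), re.compile(r"[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.
    Digit runs compare numerically, letter runs as strings, digits beat letters,
    '~' sorts before end-of-string (pre-release) and '^' after it (post-release)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SKIP.match(a, i).end(), _SKIP.match(b, j).end()
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != cb:                    # only one side has '~': that side is older
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca or not cb:            # '^' beats end-of-string
                return -1 if not ca else 1
            if ca != cb:                    # but loses to any other character
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):                 # one side exhausted: the longer is newer
            break
        pat, isnum = (_DIGITS, True) if ca.isdigit() else (_ALPHA, False)
        sa, mb = pat.match(a, i).group(0), pat.match(b, j)
        if mb is None:                      # numeric segment beats alphabetic one
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # more significant digits: larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def parse_evr(evr: str):
    """Split '[epoch:]version-release' into (int epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release

def evr_cmp(a: str, b: str) -> int:
    """Compare two EVRs as rpm does: epoch first, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def parse_nvra(nvra: str):
    """Split 'name-version-release.arch', the default `rpm -qa` line format."""
    rest, arch = nvra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch

def vulnerable_packages(rpm_qa_output: str) -> list:
    """Return installed gettext NVRAs that are older than the fixed build."""
    hits = []
    for line in filter(None, map(str.strip, rpm_qa_output.splitlines())):
        name, version, release, _ = parse_nvra(line)
        fixed = FIXED_VR.get(name)
        if fixed and evr_cmp(f"{version}-{release}", fixed) < 0:
            hits.append(line)
    return hits

if __name__ == "__main__":
    print(vulnerable_packages(SAMPLE_RPM_QA))
```

On a real host, feed the output of `rpm -qa 'gettext*'` to vulnerable_packages() instead of the constructed sample. The default `rpm -qa` format omits the epoch; that is harmless for same-named packages without one, but if a package carries an epoch, query with `--qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}.%{ARCH}\n'` and compare the full EVR, since a higher epoch outranks any version string.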

Ghada Khalil (gkhalil)
information type: Public → Public Security
tags: added: stx.3.0 stx.4.0 stx.security
Ghada Khalil (gkhalil) wrote :

This CVE is applicable to stx.3.0 (r/stx.3.0 branch) & stx.4.0 (master branch)

Ghada Khalil (gkhalil)
description: updated
description: updated
Ghada Khalil (gkhalil)
Changed in starlingx:
status: New → Triaged
importance: Undecided → High
Ghada Khalil (gkhalil) wrote :

The process is to address the CVE in stx master first and then cherry-pick to stx.3.0 after some soak time.

Changed in starlingx:
assignee: nobody → Poornima Y N (poornimayn)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/734779

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/734779
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=5fdf687d29d1970225a31d4e219233af3e874df4
Submitter: Zuul
Branch: master

commit 5fdf687d29d1970225a31d4e219233af3e874df4
Author: Poornima <email address hidden>
Date: Thu Jun 11 03:17:56 2020 +0530

    CVE-2018-18751 Fix

    CentOS gettext RPMs are upgraded to the following, which have the fix
    included.
    gettext-0.19.8.1-3.el7.x86_64.rpm
    gettext-libs-0.19.8.1-3.el7.x86_64.rpm
    gettext-devel-0.19.8.1-3.el7.x86_64.rpm
    gettext-common-devel-0.19.8.1-3.el7.noarch.rpm

    Test:
    All the layer builds are successful. Deployed an all-in-one simplex,
    using the ISO created with the changes.

    Closes bug: 1881426
    Change-Id: I021e815e8a863149740ad13f7d89bceb12f09f2b
    Signed-off-by: Poornima <email address hidden>
    Signed-off-by: Sharath Kumar K <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (r/stx.3.0)

Fix proposed to branch: r/stx.3.0
Review: https://review.opendev.org/737906

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (r/stx.3.0)

Reviewed: https://review.opendev.org/737906
Committed: https://git.openstack.org/cgit/starlingx/tools/commit/?id=5504537d7e83fbec770087d25c1d4c6dad6e976e
Submitter: Zuul
Branch: r/stx.3.0

commit 5504537d7e83fbec770087d25c1d4c6dad6e976e
Author: Poornima <email address hidden>
Date: Wed Jun 17 01:57:36 2020 +0530

    gettext: CVE-2018-18751 Fix

    CentOS gettext RPMs are upgraded to the following, which have the fix
    included.
    gettext-0.19.8.1-3.el7.x86_64.rpm
    gettext-libs-0.19.8.1-3.el7.x86_64.rpm
    gettext-devel-0.19.8.1-3.el7.x86_64.rpm
    gettext-common-devel-0.19.8.1-3.el7.noarch.rpm

    Test:
    Build is successful. Deployed an all-in-one simplex,
    using the ISO created with the changes.

    Closes bug: 1881426
    Depends-On: https://review.opendev.org/#/c/737902/
    Signed-off-by: Poornima <email address hidden>
    Change-Id: I1c65fe95a20367869ff9e329105a4740bdf5a63d
    (cherry picked from commit 5fdf687d29d1970225a31d4e219233af3e874df4)

Ghada Khalil (gkhalil)
tags: added: in-r-stx30