konversation: out-of-bounds read on a heap-allocated array

Bug #1389296 reported by Jonathan Riddell on 2014-11-04
This bug affects 1 person
Affects                  Status   Importance   Assigned to   Milestone
konversation (Ubuntu)             Undecided    Unassigned
  Lucid                           Undecided    Unassigned
  Precise                         Undecided    Unassigned
  Trusty                          Undecided    Unassigned
  Utopic                          Undecided    Unassigned
  Vivid                           Undecided    Unassigned

Bug Description

https://www.kde.org/info/security/advisory-20140923-1.txt

Konversation's Blowfish ECB encryption support assumes incoming blocks
to be the expected 12 bytes. The lack of a sanity-check for the actual
size can cause a denial of service (crash) and an information leak of
up to 11 bytes due to an out-of-bounds read on a heap-allocated array.

fix at

http://quickgit.kde.org/?p=konversation.git&a=commit&h=1f55cee8b3d0956adc98834f7b5832e48e077ed7
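The bug class in the description, as an added illustration (this is not Konversation's code and not the upstream fix): in the FiSH-style IRC "Blowfish ECB" transport, each 8-byte cipher block travels as 12 characters from a 64-symbol alphabet, and a decoder that silently assumes every incoming chunk is a full 12 characters reads past the end of a short trailing chunk, up to 11 bytes beyond the buffer. The alphabet, word order and all sample data below are assumptions chosen for the example; the hardened decoder shows the length and alphabet checks the vulnerable one lacks.

```c
/* Added example, not Konversation's code: a FiSH-style IRC "Blowfish ECB"
 * transport decoder (8-byte cipher block <-> 12 symbols), showing the
 * "assume every chunk is 12 bytes" bug beside a checked decoder.
 * The alphabet and word layout are assumptions for illustration only. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_BLOCK 12   /* encoded symbols per cipher block */
#define RAW_BLOCK 8    /* Blowfish block size in bytes */

static const char ALPHABET[] =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

/* One symbol -> its 6-bit value, or -1 if it is not in the alphabet. */
static int sym_value(char c)
{
    const char *p = c ? strchr(ALPHABET, c) : NULL;
    return p ? (int)(p - ALPHABET) : -1;
}

/* 32-bit word -> 6 symbols, least significant 6 bits first. */
static void encode_word(uint32_t w, char *out)
{
    for (int i = 0; i < 6; i++) { out[i] = ALPHABET[w & 0x3f]; w >>= 6; }
}

/* 6 symbols -> 32-bit word; -1 on a symbol outside the alphabet.
 * The 6th symbol carries only 2 significant bits; excess bits wrap (unsigned). */
static int decode_word(const char *in, uint32_t *w)
{
    uint32_t v = 0;
    for (int i = 5; i >= 0; i--) {
        int d = sym_value(in[i]);
        if (d < 0) return -1;
        v = (v << 6) | (uint32_t)d;
    }
    *w = v;
    return 0;
}

static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

static void store_be32(unsigned char *p, uint32_t w)
{
    p[0] = (unsigned char)(w >> 24); p[1] = (unsigned char)(w >> 16);
    p[2] = (unsigned char)(w >> 8);  p[3] = (unsigned char)w;
}

/* Encode whole cipher blocks (len must be a multiple of 8); returns symbol count. */
size_t ecb_encode(const unsigned char *raw, size_t len, char *enc)
{
    size_t n = len / RAW_BLOCK;
    for (size_t b = 0; b < n; b++) {
        encode_word(load_be32(raw + b * RAW_BLOCK),     enc + b * ENC_BLOCK);
        encode_word(load_be32(raw + b * RAW_BLOCK + 4), enc + b * ENC_BLOCK + 6);
    }
    return n * ENC_BLOCK;
}

/* Decode one 12-symbol chunk into 8 bytes; -1 on a bad symbol. */
static int decode_block(const char *chunk, unsigned char *out)
{
    uint32_t l, r;
    if (decode_word(chunk, &l) < 0 || decode_word(chunk + 6, &r) < 0) return -1;
    store_be32(out, l);
    store_be32(out + 4, r);
    return 0;
}

/* DELIBERATELY VULNERABLE: rounds the chunk count up, so a trailing partial
 * chunk makes decode_block() read up to 11 bytes past the end of `enc`.
 * With `enc` on the heap this is the out-of-bounds read / info leak the
 * advisory describes. Only main() calls it, for an ASan demonstration. */
size_t ecb_decode_unchecked(const char *enc, size_t len, unsigned char *out)
{
    size_t chunks = (len + ENC_BLOCK - 1) / ENC_BLOCK;
    for (size_t c = 0; c < chunks; c++)
        decode_block(enc + c * ENC_BLOCK, out + c * RAW_BLOCK);
    return chunks * RAW_BLOCK;
}

/* HARDENED: reject lengths that are not a whole number of chunks, bound the
 * output buffer, and fail closed on unknown symbols. Returns decoded length or -1. */
long ecb_decode_checked(const char *enc, size_t len, unsigned char *out, size_t out_cap)
{
    if (len == 0 || len % ENC_BLOCK != 0) return -1;
    size_t chunks = len / ENC_BLOCK;
    if (chunks > out_cap / RAW_BLOCK) return -1;
    for (size_t c = 0; c < chunks; c++)
        if (decode_block(enc + c * ENC_BLOCK, out + c * RAW_BLOCK) < 0) return -1;
    return (long)(chunks * RAW_BLOCK);
}

/* Encode a constructed 16-byte sample, decode it with the checked decoder and
 * compare; returns 1 on success, 0 otherwise. Sample bytes are arbitrary. */
int roundtrip_check(void)
{
    const unsigned char blocks[16] = { 0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04,
                                       0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80 };
    char enc[24]; unsigned char out[16];
    size_t enc_len = ecb_encode(blocks, sizeof blocks, enc);
    return enc_len == 24
        && ecb_decode_checked(enc, enc_len, out, sizeof out) == 16
        && memcmp(out, blocks, 16) == 0;
}

int main(void)
{
    printf("roundtrip through checked decoder: %s\n", roundtrip_check() ? "ok" : "FAILED");
    /* Truncated input: 13 symbols in an exactly-sized heap buffer. */
    char *heap = malloc(13);
    unsigned char out[16];
    memcpy(heap, "abcdefghijklm", 13);
    printf("checked decode of 13 symbols -> %ld (rejected)\n",
           ecb_decode_checked(heap, 13, out, sizeof out));
    /* Build with -fsanitize=address: this call reads 11 bytes past the
     * 13-byte allocation and ASan reports a heap-buffer-overflow READ. */
    ecb_decode_unchecked(heap, 13, out);
    free(heap);
    return 0;
}
```

The check that matters is the one on `len`: the decoder must refuse, not round up, when the incoming text is not a whole number of chunks, and it must do so before touching the buffer. Bounding the output and rejecting unknown symbols are the two other checks a reviewer would expect in the same place.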

Jonathan Riddell (jr) wrote :

vivid uploaded

Jonathan Riddell (jr) wrote :

trusty patch, note you will need to use a different version number in utopic

Jonathan Riddell (jr) wrote :

security advisory to be published shortly, draft at http://paste.kde.org/p5czbcuzg/lpwoza

nothing secret about this, new version of konversation is already out

Changed in konversation (Ubuntu Lucid):
status: New → In Progress
Changed in konversation (Ubuntu Precise):
status: New → In Progress
Changed in konversation (Ubuntu Trusty):
status: New → In Progress
Changed in konversation (Ubuntu Utopic):
status: New → In Progress
Changed in konversation (Ubuntu Vivid):
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

Thanks for the debdiffs!

FYI:
 * the trusty changelog was malformed (not enough spaces before the '*')
 * the utopic changelog was malformed (not enough spaces before the '*')
 * trusty didn't specify -security
 * utopic didn't specify -security
 * trusty and utopic have the same version in the archive so need to have different versions in the changelog, but they were the same (should be 1.5-1ubuntu1.14.04.1 and 1.5-1ubuntu1.14.10.1 instead of 1.5-1ubuntu1.1 for both)

I've fixed all this and am uploading to the security ppa now.

Changed in konversation (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in konversation (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in konversation (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in konversation (Ubuntu Utopic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.5.1-0ubuntu1

---------------
konversation (1.5.1-0ubuntu1) vivid; urgency=medium

  * New upstream release LP: #1389296
 -- Jonathan Riddell <email address hidden> Tue, 04 Nov 2014 17:16:50 +0100

Changed in konversation (Ubuntu Vivid):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.5-1ubuntu1.14.10.1

---------------
konversation (1.5-1ubuntu1.14.10.1) utopic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
    - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
    - CVE-2014-8483
    - https://www.kde.org/info/security/advisory-20140923-1.txt
 -- Jonathan Riddell <email address hidden> Tue, 04 Nov 2014 17:30:17 +0100

Changed in konversation (Ubuntu Utopic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.5-1ubuntu1.14.04.1

---------------
konversation (1.5-1ubuntu1.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
    - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
    - CVE-2014-8483
    - https://www.kde.org/info/security/advisory-20140923-1.txt
 -- Jonathan Riddell <email address hidden> Tue, 04 Nov 2014 17:35:50 +0100

Changed in konversation (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.4-1ubuntu2.1

---------------
konversation (1.4-1ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
    - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
    - CVE-2014-8483
    - https://www.kde.org/info/security/advisory-20140923-1.txt
 -- Jonathan Riddell <email address hidden> Tue, 04 Nov 2014 17:38:21 +0100

Changed in konversation (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.2.3-1ubuntu2.1

---------------
konversation (1.2.3-1ubuntu2.1) lucid-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
    - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
    - CVE-2014-8483
    - https://www.kde.org/info/security/advisory-20140923-1.txt
 -- Jonathan Riddell <email address hidden> Tue, 04 Nov 2014 17:40:19 +0100

Changed in konversation (Ubuntu Lucid):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

FYI, I neglected to notice that the URL in the changelog is wrong: https://www.kde.org/info/security/advisory-20140923-1.txt

It should've been: https://www.kde.org/info/security/advisory-20141104-1.txt. Mentioning it here in case people are confused.
