buffer leak in outputfilter

Bug #89308 reported by Kees Cook on 2007-03-02
254
Affects Status Importance Assigned to Milestone
libapache2-mod-python (Ubuntu)
Undecided
Unassigned
Breezy
Low
Kees Cook
Dapper
Low
Kees Cook

Bug Description

Binary package hint: libapache2-mod-python

Jim Garrison brought to my attention a fix put into mod_python that should be treated as a security vulnerability, and fixed in Dapper and Breezy. Prior to at least 3.2.8, output filters handling >16384 bytes would include "too much" buffer memory, possibly leading to other session information being displayed. Forwarded details:

See last four messages in this list by Miles Egan for a patch that fixes it:
http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/author

The patch was applied to "trunk" in subversion revision 103561 of mod_python on
the apache subversion server: http://svn.apache.org/viewvc?view=rev&revision=103561

CVE References

Kees Cook (kees) wrote :

Rejecting devel task, this affects only Breezy and Dapper versions.

Changed in libapache2-mod-python:
status: Unconfirmed → Rejected
importance: Undecided → Low
status: Unconfirmed → Confirmed
assignee: nobody → keescook
importance: Undecided → Low
status: Unconfirmed → Confirmed
assignee: nobody → keescook
Kees Cook (kees) wrote :

Fixes published as part of USN-430-1.

Changed in libapache2-mod-python:
status: Confirmed → Fix Released
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers