Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request - Slim 1.3.6 fixes a security issue
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 09 Oct 2013 11:06:14 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/09/2013 07:03 AM, mancha wrote:
Hello Kurt, vendors, et al.

Slim 1.3.6 fixes a security flaw related to a potential NULL ptr. 
dereference when using crypt() from glibc 2.17+ (eglibc 2.17+). 
Without the fix, malformed or unsupported salts crash the login 
daemon.

Upstream fix: http://git.berlios.de/cgi- 
bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f


b

Would you please allocate a CVE for this issue?

Regards,

--mancha


Please use CVE-2013-4412 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSVY0FAAoJEBYNRVNeJnmTmBUQAI7mc7UsIOY00ZgioN9vK+3T
rkEsqaWceujRSMZY/f8hrjmVZvwqQ0ycRTXVZ2GZtYVnGLz2gYGnWB9pR3FBNZ+E
L8XJuBW4ShjVkxuHIZRnWgijB97o3epKRKAKWIipIRYmqtGw9R1Bu4lTebyV3vTt
TPzsfhC+6VZjtbCPZDr899pWKsRv8CAM2zKLPkjuhEzyQ6BZAK/BiBRDGsseM6Po
dTwycNHnzJcZ+mzb59WYwAloe8LpJXEzzc7XNLCjvGijMd1F6ID4fy4gnlKJ45pN
XbnHf0jYlGvOTxAdic9x32r0x5KtMpwqzLukmKoBkntdlBEoLOID4xWy8yBdNGIu
hZ16HBJarcnGmnzbSeHbhcJ+DW9n782qCoUMZTqdHWVysLXmDfdnoJGjdp9oHRq7
gEKWtur3y30s8IBjG7kNesdTniOG7ZEA2pZ5S2zLA0AOPc7A7ogBuVjdefGOB6Er
huvz+as5wgpS/mI7pBfsptrlpaXe1M/aZm90WZf+Q7MFXcvFifDCia1haahwL7nc
5CiICKV1hlASMfuAEFsdhcTrdZ+fEM8Z3nsa27BPUDUuIOCqNSdPUHxD9CzPPjuT
KysGsdtEgbe498LUMC6trtidDFeKMcUqPlCXtBK0z2zi8cJ6WN+VJTqe0oKWGSql
rWPIGof4/DH1P5A3qIzh
=aKYM
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault