This bug was fixed in the package snapd-glib - 1.41-0ubuntu0.18.04.1
---------------
snapd-glib (1.41-0ubuntu0.18.04.1) bionic; urgency=medium
  * New upstream release:
    - Fix buffer overflows reading HTTP chunked data (LP: #1740865)
    - Support new snapd API (LP: #1774565) (LP: #1774566)
 -- Robert Ancell <[email protected]>  Fri, 01 Jun 2018 16:03:26 +1200
** Changed in: snapd-glib (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
https://bugs.launchpad.net/bugs/1740865
Title:
gnome-software (5) g_realloc → g_array_maybe_expand → g_array_set_size → g_byte_array_set_size → read_cb
Status in snapd-glib package in Ubuntu:
Fix Released
Status in snapd-glib source package in Bionic:
Fix Released
Status in snapd-glib source package in Cosmic:
Fix Released
Bug description:
[Impact]
snapd-glib can do an invalid memory access when parsing HTTP chunked data.
Found doing code inspection and testing based on crash reports.
[Test Case]
No specific trigger - just look for reduced reports on errors.ubuntu.com.
[Regression Potential]
Some risk of further breaking HTTP handling in snapd-glib. Updated algorithm
tested in a test program run through valgrind to give confidence in the changes.
Error reports:
https://errors.ubuntu.com/problem/d94c431d27115bab216f9e1ea756f876e7cd933b