I applied fixes for both of these bugs to the PSPP repository, as the following commits. The fixes will be in the next PSPP release.

commit 41c6f5447941e5d36d0554ba874671649353752f
Author: Ben Pfaff <[email protected]>
Date:   Tue Jul 4 12:58:55 2017 -0400

    sys-file-reader: Fix integer overflows in parse_long_string_missing_values().

    Crafted system files caused integer overflow errors that in turn caused
    aborts.  This fixes the problem.

    CVE-2017-10791.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1467004.
    See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
    See also https://security-tracker.debian.org/tracker/CVE-2017-10791.
    Found by team OWL337, using the collAFL fuzzer.

commit bf03b53a3c0f0d1066062f37919015a8fa6ad436
Author: Ben Pfaff <[email protected]>
Date:   Tue Jul 4 12:54:47 2017 -0400

    sys-file-reader: Avoid null dereference skipping bad extension record 18.

    read_record() assumed that read_extension_record() never set its output
    argument to NULL when it returned true, but this is possible in an error
    case.

    CVE-2017-10792.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
    See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
    See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
    Reported by team OWL337, with fuzzer collAFL.

_______________________________________________
pspp-dev mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/pspp-dev
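
The two bug classes named in the commit messages above, shown as an added illustration that is not PSPP's code and not part of the original message. The record layout and the names ext_record, read_ext, read_one and demo are hypothetical: a reader validates a size-times-count length without letting the product wrap, and its caller handles the "returned true, output is NULL" case.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record: 4-byte size, 4-byte count, then size*count data bytes
   (host byte order).  Not PSPP's real structures. */
struct ext_record { uint32_t size, count; const uint8_t *data; };

/* Returns false on fatal truncation.  Returns true with *out == NULL when the
   record is malformed but can be skipped, so callers must check *out. */
static bool read_ext(const uint8_t *buf, size_t len, struct ext_record **out)
{
    uint32_t size, count;
    *out = NULL;
    if (len < 8)
        return false;
    memcpy(&size, buf, 4);
    memcpy(&count, buf + 4, 4);
    /* Divide instead of multiplying so size * count cannot wrap. */
    if (size != 0 && count > (len - 8) / size)
        return true;                    /* claims more data than exists: skip */
    struct ext_record *r = malloc(sizeof *r);
    if (r == NULL)
        return false;
    r->size = size;
    r->count = count;
    r->data = buf + 8;
    *out = r;
    return true;
}

/* Caller that honors the contract: 1 = parsed, 0 = skipped, -1 = fatal. */
static int read_one(const uint8_t *buf, size_t len)
{
    struct ext_record *r;
    if (!read_ext(buf, len, &r))
        return -1;
    if (r == NULL)
        return 0;                       /* the check whose absence crashes */
    free(r);
    return 1;
}

/* Constructed sample: an 8-byte header followed by 4 data bytes. */
static int demo(uint32_t size, uint32_t count)
{
    uint8_t buf[12] = {0};
    memcpy(buf, &size, 4);
    memcpy(buf + 4, &count, 4);
    return read_one(buf, sizeof buf);
}
```

With size and count both 0x10000 the 32-bit product wraps to 0, which a naive multiply-then-compare check would accept; the division form rejects it.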
