Bug 20841

Summary: Common Data Format CDF File Processing Vulnerabilities
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: libcdfAssignee: Vitaly Lipatov <lav>
Status: NEW --- QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: lav
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2009-07-09

Description Vladimir Lettiev 2009-07-21 15:51:24 MSD 
Various memory corruption vulnerabilities have been identified during a
security audit of the CDF library. The vulnerabilities exist in the code
processing CDF files.

The vendor has addressed vulnerabilities on 20.7.2009. with CDF
library version 3.3. New CDF library 3.3 has 'cdfvalidate' module
that will validate CDF files for potential malformed values.

Vulnerability discovered by Leon Juranic <leon.juranic@infigo.hr>

Other links:
http://cdf.gsfc.nasa.gov/html/CDF_v330.html
http://secunia.com/advisories/35940
Comment 1 Vitaly Lipatov 2009-07-22 00:42:32 MSD 
Версия 3.3 стала собирать только libcdf.so
вместо прежнего soname, пока не решил, что делать.