[3.3] libbsd: Heap buffer overflow in fgetwln function (CVE-2016-2090)
libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of
bounds write happens.
Fixed In Version:
libbsd 0.8.2
References:
http://seclists.org/oss-sec/2016/q1/234
https://bugs.freedesktop.org/show\_bug.cgi?id=93881
Patch:
http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7
(from redmine: issue id 6094, created on 2016-08-28, closed on 2016-09-28)
- Relations:
- parent #6092 (closed)
- Changesets:
- Revision a234bfc5 on 2016-09-23T13:31:49Z:
main/libbsd: security upgrade to 0.8.2 (CVE-2016-2090). Fixes #6094