Main Vulnerability Database SB2016082411

SB2016082411 - Fedora 24 update for chicken

Published: August 24, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016082411

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2016-6830)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).

2) Resource exhaustion (CVE-ID: CVE-2016-6831)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f