Bug#185508: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines (fwd)

To: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>, 185508@bugs.debian.org
Subject: Bug#185508: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines (fwd)
From: GOTO Masanori <gotom@debian.or.jp>
Date: Thu, 20 Mar 2003 11:47:55 +0900
Message-id: <[🔎] 80y93alpno.wl@oris.opensource.jp>
Reply-to: GOTO Masanori <gotom@debian.or.jp>, 185508@bugs.debian.org
In-reply-to: <[🔎] Pine.GSO.4.40.0303191436580.8229-100000@antares.cc.umanitoba.ca>
References: <[🔎] Pine.GSO.4.40.0303191436580.8229-100000@antares.cc.umanitoba.ca>

At Wed, 19 Mar 2003 14:40:53 -0600 (CST),
Drew Scott Daniels wrote:
> 
> Package: glibc
> Severity: grave
> Tags: security, potato, woody, sarge, sid
> 
> I hope I'm not just causing extra work by posting this, but it is a grave
> bug and I haven't seen anything yet about it. The security team should
> already have a copy the CERT advisory, maybe even from before it's public
> release.

Hmm, glibc-2.2.x (stable), 2.3.1-14 (testing), 2.3.1-15 (unstable)
seems be vulnerable.  OK, I apply the designated patch, and release
-16 with urgency=high.

BTW, glibc-2.2.x should apply this update, in addition there is a
request to bump up IA-64 stacksize.  We should do it at the same time.

Regards,
-- gotom

> GNU glibc
> 
>    Version 2.3.1 of the GNU C Library is vulnerable. Earlier versions are
>    also  vulnerable.  The  following patches have been installed into the
>    CVS  sources,  and  should  appear  in  the  next version of the GNU C
>    Library. These patches are also available from the following URLs:
> 
>      http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/rpc/xdr.h.
>      diff?r1=1.26&r2=1.27&cvsroot=glibc
>      http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_mem.c.
>      diff?r1=1.13&r2=1.15&cvsroot=glibc
>      http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_rec.c.
>      diff?r1=1.26&r2=1.27&cvsroot=glibc
>      http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_sizeof
>      .c.diff?r1=1.5&r2=1.6&cvsroot=glibc
>      http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_stdio.
>      c.diff?r1=1.15&r2=1.16&cvsroot=glibc
> 
> 2002-12-16  Roland McGrath
> 
>         * sunrpc/xdr_mem.c (xdrmem_inline): Fix argument type.
>         * sunrpc/xdr_rec.c (xdrrec_inline): Likewise.
>         * sunrpc/xdr_stdio.c (xdrstdio_inline): Likewise.
> 
> 2002-12-13  Paul Eggert
> 
>         * sunrpc/rpc/xdr.h (struct XDR.xdr_ops.x_inline): 2nd arg
>         is now u_int, not int.
>         (struct XDR.x_handy): Now u_int, not int.
>         * sunrpc/xdr_mem.c: Include .
>         (xdrmem_getlong, xdrmem_putlong, xdrmem_getbytes, xdrmem_putbytes,
>         xdrmem_inline, xdrmem_getint32, xdrmem_putint32):
>         x_handy is now unsigned, not signed.
>         Do not decrement x_handy if no change is made.
>         (xdrmem_setpos): Check for int overflow.
>         * sunrpc/xdr_sizeof.c (x_inline): 2nd arg is now unsigned.
>         (xdr_sizeof): Remove cast that is now unnecessary, now that
>         x_handy is unsigned.
> 
>    [ text of diffs available in the links included above --CERT/CC ]

-- gotom

Reply to:

References:
- Bug#185508: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines (fwd)
  - From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>

Prev by Date: Bug#144670: locales: please add alias "breton" for br_FR
Next by Date: Bug#144670: locales: please add alias "breton" for br_FR
Previous by thread: Bug#185508: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines (fwd)
Next by thread: Bug#185508: marked as done (CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines (fwd))
Index(es):
- Date
- Thread