Bug#615120: marked as done (eglibc: alloca memory corruption)
Your message dated Wed, 14 Dec 2011 19:55:32 +0000
with message-id <E1RauvM-0002ma-T4@franck.debian.org>
and subject line Bug#615120: fixed in eglibc 2.11.3-1
has caused the Debian Bug report #615120,
regarding eglibc: alloca memory corruption
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
-- 
615120: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615120
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: eglibc
version: 2.11.2-10
severity: grave
tag: security
A memory corruption issue has been disclosed for eglibc [0].  I've
checked, and lenny (glibc), squeeze, and sid are affected by the poc.
experimental is not.  According to the report, this permits arbitrary
code execution.
[0] http://seclists.org/fulldisclosure/2011/Feb/635
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.11.3-1
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:
eglibc-source_2.11.3-1_all.deb
  to main/e/eglibc/eglibc-source_2.11.3-1_all.deb
eglibc_2.11.3-1.diff.gz
  to main/e/eglibc/eglibc_2.11.3-1.diff.gz
eglibc_2.11.3-1.dsc
  to main/e/eglibc/eglibc_2.11.3-1.dsc
eglibc_2.11.3.orig.tar.gz
  to main/e/eglibc/eglibc_2.11.3.orig.tar.gz
glibc-doc_2.11.3-1_all.deb
  to main/e/eglibc/glibc-doc_2.11.3-1_all.deb
libc-bin_2.11.3-1_amd64.deb
  to main/e/eglibc/libc-bin_2.11.3-1_amd64.deb
libc-dev-bin_2.11.3-1_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.11.3-1_amd64.deb
libc6-dbg_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-dbg_2.11.3-1_amd64.deb
libc6-dev-i386_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.11.3-1_amd64.deb
libc6-dev_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-dev_2.11.3-1_amd64.deb
libc6-i386_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-i386_2.11.3-1_amd64.deb
libc6-pic_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-pic_2.11.3-1_amd64.deb
libc6-prof_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-prof_2.11.3-1_amd64.deb
libc6-udeb_2.11.3-1_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.11.3-1_amd64.udeb
libc6_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6_2.11.3-1_amd64.deb
libnss-dns-udeb_2.11.3-1_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11.3-1_amd64.udeb
libnss-files-udeb_2.11.3-1_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.11.3-1_amd64.udeb
locales-all_2.11.3-1_amd64.deb
  to main/e/eglibc/locales-all_2.11.3-1_amd64.deb
locales_2.11.3-1_all.deb
  to main/e/eglibc/locales_2.11.3-1_all.deb
nscd_2.11.3-1_amd64.deb
  to main/e/eglibc/nscd_2.11.3-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 615120@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 13 Dec 2011 11:23:12 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-1
Distribution: stable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 535504 541167 561249 588218 609389 615120 619963 625250 626370 630077 630695 635885 637239 639897 646549
Changes: 
 eglibc (2.11.3-1) stable; urgency=low
 .
   * Update from stable upstream version, and update from the upstream
     stable branch:
     - fix wrong memmove/bcopy optimization with gcc-4.6.  Closes: #619963.
     - fix an integer overflow in fnmatch() (CVE-2011-1659).  Closes: #626370.
     - fix spurious warning in bswap_16() with -Wconversion.  Closes: #561249.
     - fix auxiliary cache file creation.  Closes: #588218.
     - fix memory corruption in fnmatch() that can lead to code execution
       (CVE-2011-1071).  Closes: #615120
     - fix strchr() on x86-64 CPU with SSE4.2.  Closes: #635885
   * Update patches:
     - patches/locale/locale-print-LANGUAGE.diff
     - patches/hppa/local-stack-grows-up.diff
     - patches/m68k/cvs-tls-support.patch
     - patches/any/local-disable-test-tgmath2.diff
     - patches/any/submitted-longdouble.diff
     - patches/any/submitted-bits-fcntl_h-at.diff
     - patches/kfreebsd/local-readdir_r.diff
   * Drop obsolete patches:
     - patches/any/cvs-redirect-throw.diff
     - patches/any/cvs-flush-cache-textrels.diff
     - patches/hurd-i386/cvs-linkat.diff
     - patches/hurd-i386/cvs-select.diff
     - patches/sparc/submitted-epoll.diff
     - patches/any/cvs-dont-expand-dst-twice.diff
     - patches/amd64/cvs-avx-tcb-alignment.diff
     - patches/any/submitted-etc-resolv.conf.diff
     - patches/any/cvs-audit-suid.diff
   * kfreebsd/local-sysdeps.diff, update to r3763 (from squeeze glibc-bsd).
     - fixes LD_PRELOAD with a kfreebsd-9 kernel. Closes: #630695.
     - uses upstream RFTSIGZMB for exit signal selection when available.
     - fixes a crash in if_nameindex() with more than 3 interfaces.
     - alter faccessat() X_OK tests similarly as access(). See #640334.
     - fix __libc_sa_len() for AF_LOCAL. See #645527.
   * Fix preinst script wrt 3.0 kernel. Patch by Colin Watson.  Closes:
     #630077.
   * Update submitted-resolv.conf-thread.diff from upstream to fix a
     deadlock in some rare cases.
   * Add patches/any/cvs-resolv-different-nameserver.diff and
     patches/any/submitted-resolv-assert.diff to try a different
     nameserver if the first one returns REFUSED.  Closes: #535504.
   * Add patches/any/cvs-getaddrinfo-single-lookup.diff to fix fallback to
     single lookup dns requests.  Closes: #541167.
   * Add patches/any/cvs-pthread-setgroups.diff to fix setgroups() with
     multiple threads.
   * Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to
     fix issues with dl_close() when resolving locally-defined symbols.
     Closes: #625250.
   * patches/i386/local-cpuid-level2.diff: fix a typo.  Closes: #609389.
   * patches/any/cvs-nptl-pthread-race.diff: fix a race in NPTL code that
     sometimes causes a deadlock when calling fork() from a thread.
   * patches/amd64/cvs-avx-detection.diff: do not use AVX if hardware support
     is present, but not enabled in the kernel.  Closes: #646549.
   * patches/any/cvs-statvfs-mount-flags.diff: get the mount flags directly
     from the kernel when possible instead of parsing /proc/mounts.  Closes:
     #639897.
   * patches/any/cvs-dlopen-tls.diff:  fix handling of static TLS in
     dlopen'ed objects.  Closes: #637239.
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFO6EG8w3ao2vG823MRAnOVAJ9/Lk/mAXuCGkorjU9N5Zq97ioMRQCggp6k
BK3uF3KrAYaU6Ob/PQiCk10=
=FIk3
-----END PGP SIGNATURE-----
--- End Message ---