Bug#650790: marked as done (libc6: __tzfile_read heap overflow)
Your message dated Sun, 12 Feb 2012 21:32:19 +0000
with message-id <E1Rwh1v-0006gS-CF@franck.debian.org>
and subject line Bug#650790: fixed in eglibc 2.11.3-3
has caused the Debian Bug report #650790,
regarding libc6: __tzfile_read heap overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
650790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650790
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libc6: __tzfile_read heap overflow
- From: Paul Visscher <paulv@canonical.org>
- Date: Fri, 02 Dec 2011 21:29:53 -0500
- Message-id: <20111203022953.13925.39506.reportbug@panacea.canonical.org>
Package: libc6
Version: 2.11.2-10
Severity: normal
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
Running the example program results in a crash.
Note that this can be leveraged to exploit multiple ftp daemons (as disclosed earlier today): http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
(I ran the test on a different machine than I am reporting from on because the machine I am reporting from is using grsecurity. I can provide further information if requested).
-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.0.8-1-grsec (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libc-bin 2.11.2-10 Embedded GNU C Library: Binaries
ii libgcc1 1:4.4.5-8 GCC support library
Versions of packages libc6 recommends:
ii libc6-i686 2.11.2-10 Embedded GNU C Library: Shared lib
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii glibc-doc 2.11.2-10 Embedded GNU C Library: Documentat
ii locales 2.11.2-10 Embedded GNU C Library: National L
-- debconf information:
glibc/upgrade: true
glibc/disable-screensaver:
glibc/restart-failed:
* glibc/restart-services: postfix openbsd-inetd mysql cron
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.11.3-3
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:
eglibc-source_2.11.3-3_all.deb
to main/e/eglibc/eglibc-source_2.11.3-3_all.deb
eglibc_2.11.3-3.diff.gz
to main/e/eglibc/eglibc_2.11.3-3.diff.gz
eglibc_2.11.3-3.dsc
to main/e/eglibc/eglibc_2.11.3-3.dsc
glibc-doc_2.11.3-3_all.deb
to main/e/eglibc/glibc-doc_2.11.3-3_all.deb
libc-bin_2.11.3-3_amd64.deb
to main/e/eglibc/libc-bin_2.11.3-3_amd64.deb
libc-dev-bin_2.11.3-3_amd64.deb
to main/e/eglibc/libc-dev-bin_2.11.3-3_amd64.deb
libc6-dbg_2.11.3-3_amd64.deb
to main/e/eglibc/libc6-dbg_2.11.3-3_amd64.deb
libc6-dev-i386_2.11.3-3_amd64.deb
to main/e/eglibc/libc6-dev-i386_2.11.3-3_amd64.deb
libc6-dev_2.11.3-3_amd64.deb
to main/e/eglibc/libc6-dev_2.11.3-3_amd64.deb
libc6-i386_2.11.3-3_amd64.deb
to main/e/eglibc/libc6-i386_2.11.3-3_amd64.deb
libc6-pic_2.11.3-3_amd64.deb
to main/e/eglibc/libc6-pic_2.11.3-3_amd64.deb
libc6-prof_2.11.3-3_amd64.deb
to main/e/eglibc/libc6-prof_2.11.3-3_amd64.deb
libc6-udeb_2.11.3-3_amd64.udeb
to main/e/eglibc/libc6-udeb_2.11.3-3_amd64.udeb
libc6_2.11.3-3_amd64.deb
to main/e/eglibc/libc6_2.11.3-3_amd64.deb
libnss-dns-udeb_2.11.3-3_amd64.udeb
to main/e/eglibc/libnss-dns-udeb_2.11.3-3_amd64.udeb
libnss-files-udeb_2.11.3-3_amd64.udeb
to main/e/eglibc/libnss-files-udeb_2.11.3-3_amd64.udeb
locales-all_2.11.3-3_amd64.deb
to main/e/eglibc/locales-all_2.11.3-3_amd64.deb
locales_2.11.3-3_all.deb
to main/e/eglibc/locales_2.11.3-3_all.deb
nscd_2.11.3-3_amd64.deb
to main/e/eglibc/nscd_2.11.3-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 650790@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 02 Feb 2012 22:20:02 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-3
Distribution: stable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
eglibc-source - Embedded GNU C Library: sources
glibc-doc - Embedded GNU C Library: Documentation
libc-bin - Embedded GNU C Library: Binaries
libc-dev-bin - Embedded GNU C Library: Development binaries
libc0.1 - Embedded GNU C Library: Shared libraries
libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - Embedded GNU C Library: PIC archive library
libc0.1-prof - Embedded GNU C Library: Profiling Libraries
libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - Embedded GNU C Library: Shared libraries
libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - Embedded GNU C Library: PIC archive library
libc0.3-prof - Embedded GNU C Library: Profiling Libraries
libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6 - Embedded GNU C Library: Shared libraries
libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
libc6-dbg - Embedded GNU C Library: detached debugging symbols
libc6-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - Embedded GNU C Library: PIC archive library
libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
libc6-prof - Embedded GNU C Library: Profiling Libraries
libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc6-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6.1 - Embedded GNU C Library: Shared libraries
libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6.1-pic - Embedded GNU C Library: PIC archive library
libc6.1-prof - Embedded GNU C Library: Profiling Libraries
libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
locales - Embedded GNU C Library: National Language (locale) data [support]
locales-all - Embedded GNU C Library: Precompiled locale data
nscd - Embedded GNU C Library: Name Service Cache Daemon
Closes: 650790 658171 659504
Changes:
eglibc (2.11.3-3) stable; urgency=low
.
* patches/any/cvs-tzfile.diff: fix integer overflow in timezone code.
(CVE-2009-5029). Closes: #650790.
* patches/any/submitted-resolv-first-query-failure.diff: new patch to fix
resolving issues with broken servers returning NOTIMP or FORMERR to AAAA
queries. Closes: #658171.
* local/manpages/gai.conf.5: update from latest RedHat version. Closes:
#659504.
Checksums-Sha1:
99c4ad4ab0353d3de31dc9c82f6583e2ab52b270 2609 eglibc_2.11.3-3.dsc
433d8a1fef00df3b9628276b62686a4762c63ba6 913754 eglibc_2.11.3-3.diff.gz
271eb2c928572f2634d77b280878a1624d66b1ef 1851436 glibc-doc_2.11.3-3_all.deb
c2472e9ca5c91cfe48414aca093ed695eda2c39f 11114212 eglibc-source_2.11.3-3_all.deb
07c64b9cba12ee0bd56763ea7ba5f52c093bd2bc 4761188 locales_2.11.3-3_all.deb
c5c4adb88998a1314d7b67c53c326aad629de0ba 4281114 libc6_2.11.3-3_amd64.deb
9ceed05a0ca0fa457e01fe22283e89c1c60490e2 2592448 libc6-dev_2.11.3-3_amd64.deb
b8e19d70f176448587e4e8f00efe5f96e5e45ec2 2035812 libc6-prof_2.11.3-3_amd64.deb
3e77a613e5b244de1006b16adb425cd07203a588 1549350 libc6-pic_2.11.3-3_amd64.deb
4038d4586b06f31ab81d49836e9952bca6a44823 748806 libc-bin_2.11.3-3_amd64.deb
05e3f72790cda6a317a5ba88f045899c347b31d7 210126 libc-dev-bin_2.11.3-3_amd64.deb
db41d13bfa02b7a0f90ce75b57ee7c4bf0991d33 3638954 locales-all_2.11.3-3_amd64.deb
054ada49f201f9e1f2843fb7d1596ac59146cf99 3812738 libc6-i386_2.11.3-3_amd64.deb
5ee0a553e437cc4949fb7c021453ea0a19154754 1526888 libc6-dev-i386_2.11.3-3_amd64.deb
7e80fc40c06bab7e386ea45491682ec046ba86b9 197476 nscd_2.11.3-3_amd64.deb
b1cab2087af3f939811435c68650d09a46b304e8 10479116 libc6-dbg_2.11.3-3_amd64.deb
dc05ecf4ce6bd89acb224b0535219a302d474159 1152206 libc6-udeb_2.11.3-3_amd64.udeb
86aaf30c261b489f187baac2b1c33663e41801ab 11102 libnss-dns-udeb_2.11.3-3_amd64.udeb
58fadfdfdcc23fad4650d5fccf814cf5e1859b46 20130 libnss-files-udeb_2.11.3-3_amd64.udeb
Checksums-Sha256:
21b7df393ca2351180ec08a784d60744f777997fff0ca69bb20867c38a7566d6 2609 eglibc_2.11.3-3.dsc
2097f43bc3bf50c3840c5db79018f58ea58cbbffbb0956039459d666d80da860 913754 eglibc_2.11.3-3.diff.gz
8be9bf16a11297dd30ec5d002b87bb99406f2c437d0250c2557e2645192937d0 1851436 glibc-doc_2.11.3-3_all.deb
a7e5cfed0314de55f44b1cb6232d37e7b9a3e8e8e3f05989cb48fd4b96e41eb5 11114212 eglibc-source_2.11.3-3_all.deb
3c366cf22b87d1b8c320c4eccf95b2ac18848621fbb642558247225cd96d1d0e 4761188 locales_2.11.3-3_all.deb
1b2f38222585e2e9f51487243d2463c93a362077753f45bd752c8ce2463e22bc 4281114 libc6_2.11.3-3_amd64.deb
cca409ece8bd33bdfa9287b7704796ced44d9d9b5cc121107e18e0429cf5cd96 2592448 libc6-dev_2.11.3-3_amd64.deb
1d7e5d7a1799831a15255352bdf6df1314323227f8187e21d9edfcd38f0002a1 2035812 libc6-prof_2.11.3-3_amd64.deb
770b4e7b3b2b17b31e823a8e2eca39b5518901c16d62a732e83bbec26528a77d 1549350 libc6-pic_2.11.3-3_amd64.deb
4cb0b6fcbf855231e1c1d34c7e5af9276176bc88658dad84c10d0111ee6f5407 748806 libc-bin_2.11.3-3_amd64.deb
4223da4aacff0ae0d9a1f98c3ccc6cf923116971f04f5d88666df9a2ad78c800 210126 libc-dev-bin_2.11.3-3_amd64.deb
1a51bb4746887a6a57a930f91dcd8b03564d29e84a24c356a9c26a49d29990a4 3638954 locales-all_2.11.3-3_amd64.deb
baef7c5244cb6a3a5c2cc35e4bbdf872c6f630246e35584af65f1e8b0bd9ffd0 3812738 libc6-i386_2.11.3-3_amd64.deb
14422692caeb5cc5fa052e47d9a7d47b898462a6eac7ca4a046a608afa6c550a 1526888 libc6-dev-i386_2.11.3-3_amd64.deb
d908523f842cc09e4d9400d2e5badd51d33c4cd54e7fee7ded6caf9ea7745d4d 197476 nscd_2.11.3-3_amd64.deb
d71370357b7d0339645756ee10eb647aed6d6a1725cc029a8cfefa444e00a50b 10479116 libc6-dbg_2.11.3-3_amd64.deb
472c86f1f8d300485116265754ea10a9fe08a828b2bd2026d11cb0eeaeedf0ea 1152206 libc6-udeb_2.11.3-3_amd64.udeb
e96423ce4157539c51464020f417b8e687f6e3f744e243f71ad5662ce87a5de4 11102 libnss-dns-udeb_2.11.3-3_amd64.udeb
7f360e7d8a71e4b4c448c8d9caafeb64e6c900d8ccfeef5ad97ba3da6a8cb60d 20130 libnss-files-udeb_2.11.3-3_amd64.udeb
Files:
7ee93f8a5051d8096c4182e76e50ca7a 2609 libs required eglibc_2.11.3-3.dsc
59106f7e1fbbdd90b64bc5669f6e8dd2 913754 libs required eglibc_2.11.3-3.diff.gz
5ab9b1d7e1645ac2e2fefa6d8c487b95 1851436 doc optional glibc-doc_2.11.3-3_all.deb
abca1c3a2d894afc2d41f764bbbdf993 11114212 devel optional eglibc-source_2.11.3-3_all.deb
a3ed5ca4fc69a9ff8c3a9e5012697f47 4761188 localization standard locales_2.11.3-3_all.deb
07a353abfe37f8bca8376efe88a58161 4281114 libs required libc6_2.11.3-3_amd64.deb
8dc0ecbb93eb32188ea66e315ad7ea54 2592448 libdevel optional libc6-dev_2.11.3-3_amd64.deb
8a40d9e8505f3ef6f810876d2cd9421c 2035812 libdevel extra libc6-prof_2.11.3-3_amd64.deb
7d18bd9c231b58da0e1f47de0280f36c 1549350 libdevel optional libc6-pic_2.11.3-3_amd64.deb
2a2d2091d57ceb47482b2c1c98e55ee9 748806 libs required libc-bin_2.11.3-3_amd64.deb
4a85e2e91cbb26c91aedecfc0dede39c 210126 libdevel optional libc-dev-bin_2.11.3-3_amd64.deb
7e48362d70f4006873ae6648b6e5a063 3638954 localization extra locales-all_2.11.3-3_amd64.deb
aa139c699e7fe32147f7e5f67af55ba7 3812738 libs optional libc6-i386_2.11.3-3_amd64.deb
1478e4a8a7d282ca93cc4d22a45c540d 1526888 libdevel optional libc6-dev-i386_2.11.3-3_amd64.deb
687930f00d35153606bf2db8b53e56f8 197476 admin optional nscd_2.11.3-3_amd64.deb
000c8cae48a97a62b4700698ffb623b3 10479116 debug extra libc6-dbg_2.11.3-3_amd64.deb
79b49d7be47dd0bdc11913a6111a3a91 1152206 debian-installer extra libc6-udeb_2.11.3-3_amd64.udeb
3c6f4397da2590919b6027dd16eb2aff 11102 debian-installer extra libnss-dns-udeb_2.11.3-3_amd64.udeb
5e175673fe514c20004624d1dcc22b61 20130 debian-installer extra libnss-files-udeb_2.11.3-3_amd64.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFPOBBOw3ao2vG823MRAhMSAJ9yVQRpkJy7x7cVGjx93qlFcvHfswCeNOlu
PswZYu8Ez1EpX5iWaaiT2Tc=
=EtNa
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: