Bug#311164: marked as done (CAN-2005-0757: DoS possibility in xattrs handling on 64 bits archs)
Your message dated Tue, 16 Aug 2005 22:32:40 -0700
with message-id <E1E5GXY-0003Wv-00@spohr.debian.org>
and subject line Bug#311164: fixed in kernel-source-2.4.27 2.4.27-11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 29 May 2005 13:47:01 +0000
>From jmm@inutil.org Sun May 29 06:47:00 2005
Return-path: <jmm@inutil.org>
Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DcO84-0004x1-00; Sun, 29 May 2005 06:47:00 -0700
Received: from p54893b55.dip.t-dialin.net ([84.137.59.85] helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DcO5T-0003P6-PV
for submit@bugs.debian.org; Sun, 29 May 2005 15:44:20 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.50)
id 1DcO7q-0001Xl-Nx; Sun, 29 May 2005 15:46:46 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0757: DoS possibility in xattrs handling on 64 bits archs
X-Mailer: reportbug 3.12
Date: Sun, 29 May 2005 15:46:46 +0200
Message-Id: <E1DcO7q-0001Xl-Nx@localhost.localdomain>
X-SA-Exim-Connect-IP: 84.137.59.85
X-SA-Exim-Mail-From: jmm@inutil.org
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: kernel-source-2.4.27
Severity: important
Tags: security
Quoting from http://rhn.redhat.com/errata/RHSA-2005-294.html:
A flaw in offset handling in the xattr file system code backported to
Red Hat Enterprise Linux 3 was fixed. On 64-bit systems, a user who
can access an ext3 extended-attribute-enabled file system could cause
a denial of service (system crash). This issue is rated as having a
moderate security impact (CAN-2005-0757).
I couldn't find further information on whether this is already fixed
in 2.4.27, do you have further information?
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
---------------------------------------
Received: (at 311164-close) by bugs.debian.org; 17 Aug 2005 05:43:42 +0000
>From katie@spohr.debian.org Tue Aug 16 22:43:42 2005
Return-path: <katie@spohr.debian.org>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1E5GXY-0003Wv-00; Tue, 16 Aug 2005 22:32:40 -0700
From: Simon Horman <horms@debian.org>
To: 311164-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#311164: fixed in kernel-source-2.4.27 2.4.27-11
Message-Id: <E1E5GXY-0003Wv-00@spohr.debian.org>
Sender: Archive Administrator <katie@spohr.debian.org>
Date: Tue, 16 Aug 2005 22:32:40 -0700
Delivered-To: 311164-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3
Source: kernel-source-2.4.27
Source-Version: 2.4.27-11
We believe that the bug you reported is fixed in the latest version of
kernel-source-2.4.27, which is due to be installed in the Debian FTP archive:
kernel-doc-2.4.27_2.4.27-11_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-11_all.deb
kernel-patch-debian-2.4.27_2.4.27-11_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-11_all.deb
kernel-source-2.4.27_2.4.27-11.diff.gz
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-11.diff.gz
kernel-source-2.4.27_2.4.27-11.dsc
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-11.dsc
kernel-source-2.4.27_2.4.27-11_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-11_all.deb
kernel-tree-2.4.27_2.4.27-11_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-11_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 311164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.4.27 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 16 Aug 2005 14:33:45 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-11
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description:
kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Closes: 311164 319629 320256 323318
Changes:
kernel-source-2.4.27 (2.4.27-11) unstable; urgency=low
.
[ Simon Horman ]
* 167_arch-ia64-x86_64_execve.diff:
Race condition in the ia32 compatibility code for the execve system call
See CAN-2005-1768. (closes: #319629).
.
* 168_fs_ext3_64bit_offset.diff:
Incorrect offset checks for ext3 xattr on 64 bit architectures
can lead to a local DoS.
See CAN-2005-0757. (closes: #311164).
.
* 169_arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
[Security, x86_64] This works around an AMD Erratum by
checking if the ptrace RIP is canonical.
See CAN-2005-1762
.
* 169_arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
[Security, x86_64] Fix canonical checking for segment registers in ptrace
See CAN-2005-0756
.
* Makefile-gcc-3.3.dpatch, control
Build with gcc-3.3, as gcc-4.0, now the dedault in unstable,
fails to build this source. Upstream has stated that they
have no intention making the 2.4 kernel compile with gcc-4
(closes: #320256, #323318)
.
* 171_arch-ia64-x86_64-execve-overflow.diff
[Security, ia64, x86_64] Fix overflow in 32bit execve
See CAN-2005-1768
.
* 172_ppc32-time_offset-misuse.diff
[ppc32] stop misusing ntps time_offset value
.
* 173_tty_ldisc_ref-return-null-check.diff
tty_ldisc_ref return null check
.
* 174_net-ipv4-netfilter-nat-mem.diff
Fix potential memory corruption in NAT code (aka memory NAT)
.
* 175-net-ipv6-netfilter-deadlock.diff
Fix deadlock in ip6_queue
.
* 176_ipsec-array-overflow.diff
[Security] Fix possible overflow of sock->sk_policy
See CAN-2005-2456 (See: #321401)
.
* 177_rocket_c-fix-ldisc-ref-count.diff
Fix ldisc ref count handling in rocketport driver
.
* 178_fs_ext2_ext3_xattr-sharing.diff
[Security] Xattr sharing bug
See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
.
* 179_net-ipv4-netfilter-ip_recent-last_pkts.diff
[Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
(See: #322237)
.
* 181_arch-x86_64-kernel-stack-faults.diff
[Security, x86_64] Disable exception stack for stack faults
See CAN-2005-1767
.
* 182_linux-zlib-fixes.diff
[Security] Fix security bugs in the Linux zlib implementations.
See CAN-2005-2458, CAN-2005-2459
From 2.6.12.5
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
http://bugs.gentoo.org/show_bug.cgi?id=94584
.
* zisofs.dpatch
Check input buffer size in zisofs
From 2.6.12.5
Files:
9281af78c1635c2fc173a1b03dae9a3c 888 devel optional kernel-source-2.4.27_2.4.27-11.dsc
c4c5568392fd7a8a8363f6c49302c8fb 698860 devel optional kernel-source-2.4.27_2.4.27-11.diff.gz
44cd21034fa465914b5c6161cbf352f8 649888 devel optional kernel-patch-debian-2.4.27_2.4.27-11_all.deb
2b298cf33cf3b5207a33ca62f482802b 2377560 doc optional kernel-doc-2.4.27_2.4.27-11_all.deb
c8f39c90e1aa1a3349f7780e2ac72159 31031688 devel optional kernel-source-2.4.27_2.4.27-11_all.deb
eddf052c0e395d1091ca6f8d60cb5dd7 24254 devel optional kernel-tree-2.4.27_2.4.27-11_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDAYbQdu+M6Iexz7URAmVpAJ4lFoHl07feQLtY3t/1L66I5NVCIwCeMSsd
2LZoevnCkdhHDXTGcYLMIwg=
=REj2
-----END PGP SIGNATURE-----
Reply to: