Bug#598301: marked as done (qtparted: CVE-2010-3375: insecure library loading)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 28 Sep 2010 07:32:18 +0000
with message-id <E1P0Ufi-0001jo-0p@franck.debian.org>
and subject line Bug#598301: fixed in qtparted 0.4.5-8
has caused the Debian Bug report #598301,
regarding qtparted: CVE-2010-3375: insecure library loading
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
598301: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598301
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: qtparted: CVE-2010-3375: insecure library loading
• From: Raphael Geissert <geissert@debian.org>
• Date: Tue, 28 Sep 2010 04:22:43 +0000
• Message-id: <[🔎] E1P0RiE-0006uI-SE@alioth.debian.org>

Package: qtparted
Version: 0.4.5-7
Severity: grave
Tags: security
User: team@security.debian.org
Usertags: ldpath

Hello,

During a review of the Debian archive, I've found your package to
contain a script that can be abused by an attacker to execute arbitrary
code.

The vulnerability is introduced by an insecure change to
LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for
libraries on a directory other than the standard paths.

Vulnerable code follows:

/usr/sbin/run_qtparted line 47:
export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"

When there's an empty item on the colon-separated list of
LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
If the given script is executed from a directory where a potential,
local, attacker can write files to, there's a chance to exploit this
bug.

This vulnerability has been assigned the CVE id CVE-2010-3375. Please make sure
you mention it when forwarding this report to upstream and when fixing
this bug (everywhere: upstream and here at Debian.)

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3375
[1] http://security-tracker.debian.org/tracker/CVE-2010-3375

Sincerely,
Raphael Geissert

--- End Message ---

--- Begin Message ---

• To: 598301-close@bugs.debian.org
• Subject: Bug#598301: fixed in qtparted 0.4.5-8
• From: Anibal Monsalve Salazar <anibal@debian.org>
• Date: Tue, 28 Sep 2010 07:32:18 +0000
• Message-id: <E1P0Ufi-0001jo-0p@franck.debian.org>

Source: qtparted
Source-Version: 0.4.5-8

We believe that the bug you reported is fixed in the latest version of
qtparted, which is due to be installed in the Debian FTP archive:

qtparted_0.4.5-8.debian.tar.gz
  to main/q/qtparted/qtparted_0.4.5-8.debian.tar.gz
qtparted_0.4.5-8.dsc
  to main/q/qtparted/qtparted_0.4.5-8.dsc
qtparted_0.4.5-8_mipsel.deb
  to main/q/qtparted/qtparted_0.4.5-8_mipsel.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 598301@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated qtparted package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Sep 2010 16:10:55 +1000
Source: qtparted
Binary: qtparted
Architecture: source mipsel
Version: 0.4.5-8
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 qtparted   - A parted frontend using QT
Closes: 598301
Changes: 
 qtparted (0.4.5-8) unstable; urgency=high
 .
   * QA upload.
   * Fix CVE-2010-3375 insecure library loading
   * Closes: 598301
Checksums-Sha1: 
 b2b18e2ca2586f0821a9b87141725838ab9ce0ed 1862 qtparted_0.4.5-8.dsc
 53e854d4fe89792bcf4ef0e48f6b7bff11c97e51 303777 qtparted_0.4.5-8.debian.tar.gz
 c0165e709c78a91a1b5844c0a3fe3d1d2026ebda 218184 qtparted_0.4.5-8_mipsel.deb
Checksums-Sha256: 
 8d1283f0bde600f241ab282f764818ab556e25f07b9fe980c24dd652b94cbeff 1862 qtparted_0.4.5-8.dsc
 9a4fbedec08079404ad1c1bbc639560d4f30cd66559e3b22dfc822017b994c91 303777 qtparted_0.4.5-8.debian.tar.gz
 1ee0cdcdcb7fd067d6bde0001da91484213346b763f3f497b70a260ad2897863 218184 qtparted_0.4.5-8_mipsel.deb
Files: 
 67a9cd96ed037ea5d35e4dfb93600983 1862 x11 optional qtparted_0.4.5-8.dsc
 ba64e43366394b3d29c39e89ce95e2e4 303777 x11 optional qtparted_0.4.5-8.debian.tar.gz
 44bb27129b15ba0de3c37b515643e25a 218184 x11 optional qtparted_0.4.5-8_mipsel.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJMoZZuAAoJEHxWrP6UeJfYg+QP/1NrZpbaEKEGH2WEtTWqDTz7
xSQEqr5SURHfEmf0FrD57DNZ8ddtbfRgCzefrp35rihc1ft2rRy0nD25+VStAjoz
lNDeJXvXwgGpg7/pWnfvBoNQjBlOw2VTZhZ/r0RPQTHmLD2LpjmfuhIGvR/OuTkO
3uuyZ9V7yrgl51vI3LM0KZPrNQcleV9porcxDxLVEXU8yN+ZiAsu5cVxv29RqqQf
y4XP3FyDErB/aHETp46MOx5BtIXn5twVjMyW0RpOSLF/zBt4hEvJzGjrJWlKgxnv
OZwfiABYLUjLA958uy0bG+P/Gml70XQEMhlm1BSYmgITVn2/A3h7inGSWpLhFljn
6z94wYuiyXyIIqh8WsRqHEbnMGc9G8yBwy2edINVpd8Z1sI+dVYjn0/A7tE1VjKs
0ftYiA+ZqiY1R4Lur0u8xA6b5J0Ep6px2EyTYEM6AvmTtjP7R2i65bfI2rpKgGEY
sh5CKRGUb2l3Lp3Z9aJcH9cn94t7PTWfHgiRwzvA9iGFMKqCVFiUVRnZ+gxATPTX
0VTvDAamIz0kY4Xf+zUmtVyXk1CyLarDW+cvwSfu5BpBbVMp5o7bW/2/5OB9LEwx
w/LKgcNfEjFp0xgPE86O5suCbiCwqUAC1zo/P4zRpXVBExKUy7yQKT2vcQHJvu50
n6K9MDVh/DpGZyB5RXqh
=OYJB
-----END PGP SIGNATURE-----

--- End Message ---