
please unblock tau/2.16.4-1.4



please unblock tau/2.16.4-1.4

the debdiff is below

debdiff tau_2.16.4-1.3.dsc tau_2.16.4-1.4.dsc | diffstat
 debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff |   35 ++++++++++
 tau-2.16.4/debian/changelog                                          |    9 ++
 tau-2.16.4/debian/patches/series                                     |    1 
 3 files changed, 45 insertions(+)
debdiff tau_2.16.4-1.3.dsc tau_2.16.4-1.4.dsc
diff -u tau-2.16.4/debian/changelog tau-2.16.4/debian/changelog
--- tau-2.16.4/debian/changelog
+++ tau-2.16.4/debian/changelog
@@ -1,3 +1,12 @@
+tau (2.16.4-1.4) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix CVE-2010-3382 insecure library loading
+    Add debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
+    Closes: 598303
+
+ -- Anibal Monsalve Salazar <anibal@debian.org>  Wed, 06 Oct 2010 20:55:41 +1100
+
 tau (2.16.4-1.3) unstable; urgency=low
 
   * Non-maintainer upload
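
Review bot: urgency=low in the new 2.16.4-1.4 entry looks too low for an upload whose only change is a CVE fix and which is being submitted for an unblock; consider urgency=medium or high so the entry reflects the security nature of the change. A minor style point in the same entry: the bug reference is conventionally written with a hash, as in `Closes: #598303`.
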
diff -u tau-2.16.4/debian/patches/series tau-2.16.4/debian/patches/series
--- tau-2.16.4/debian/patches/series
+++ tau-2.16.4/debian/patches/series
@@ -6,0 +7 @@
+06-598303-CVE-2010-3382-insecure-library-loading.diff
only in patch2:
unchanged:
--- tau-2.16.4.orig/debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
+++ tau-2.16.4/debian/patches/06-598303-CVE-2010-3382-insecure-library-loading.diff
@@ -0,0 +1,35 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3382
+http://security-tracker.debian.org/tracker/CVE-2010-3382
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303
+
+Raphael Geissert have found that this package contains a script that
+can be abused by an attacker to execute arbitrary code.
+
+The vulnerability is introduced by an insecure change to
+LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for
+libraries on a directory other than the standard paths.
+
+Vulnerable code follows:
+
+/usr/bin/tauex line 197:
+export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH
+
+When there's an empty item on the colon-separated list of
+LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
+If the given script is executed from a directory where a potential,
+local, attacker can write files to, there's a chance to exploit this
+bug.
+
+Patch by Julien Cristau <jcristau@debian.org>
+
+--- a/tools/src/tauex.in	2007-05-19 09:04:55.000000000 +1000
++++ b/tools/src/tauex.in	2010-10-06 19:03:38.000000000 +1100
+@@ -194,7 +194,7 @@ for c in $Counters ; do 
+ done
+ 
+ 
+-export LD_LIBRARY_PATH=$TAUROOT/$TAUARCH/lib/$theBinding:$LD_LIBRARY_PATH
++export LD_LIBRARY_PATH="$TAUROOT/$TAUARCH/lib/$theBinding${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+ 
+ if [ $verbose = "true" ] ; then
+     echo "Matching bindings: $bindings"
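
Review bot: the new assignment at tauex.in line 197 only covers the case where LD_LIBRARY_PATH is unset or empty. `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` appends an inherited value verbatim, so a value that already carries a leading, trailing or doubled colon still leaves an empty item in the exported list, which the patch description says ld.so treats as the current directory. That condition comes from the caller's environment rather than from the script, so the reported bug is closed by this change; it would still help to state that limit in the patch description, or to strip empty items from the inherited value before appending it. The description header also has two typos worth fixing before the patch is forwarded ("have found", "and environment variable").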
