
Bug#769285: marked as done (unblock aircrack-ng/1:1.2-0~beta3-3)



Your message dated Wed, 12 Nov 2014 21:58:04 +0100
with message-id <20141112205804.GD2077@betterave.cristau.org>
and subject line Re: Bug#769285: unblock aircrack-ng/1:1.2-0~beta3-2
has caused the Debian Bug report #769285,
regarding unblock aircrack-ng/1:1.2-0~beta3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
769285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769285
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Subject: unblock: aircrack-ng/1:1.2-0~beta3-2
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: important
X-Debbugs-CC: carnil@debian.org


Please unblock package aircrack-ng

It fixes 4 security vulnerabilities. (#767979)

https://security-tracker.debian.org/tracker/CVE-2014-8321
https://security-tracker.debian.org/tracker/CVE-2014-8322
https://security-tracker.debian.org/tracker/CVE-2014-8323
https://security-tracker.debian.org/tracker/CVE-2014-8324

Attached is the debdiff against the package in testing.


unblock aircrack-ng/1:1.2-0~beta3-2
diff -Nru aircrack-ng-1.2-0~beta3/debian/changelog aircrack-ng-1.2-0~beta3/debian/changelog
--- aircrack-ng-1.2-0~beta3/debian/changelog	2014-05-30 19:40:13.000000000 +0200
+++ aircrack-ng-1.2-0~beta3/debian/changelog	2014-11-12 00:16:47.000000000 +0100
@@ -1,3 +1,14 @@
+aircrack-ng (1:1.2-0~beta3-2) unstable; urgency=high
+
+  * Fix the following security vulnerabilities: (Closes: #767979)
+    * CVE-2014-8321 - GPS stack overflow.
+    * CVE-2014-8322 - tcp_test stack overflow.
+    * CVE-2014-8323 - buddy-ng missing checkin data format.
+    * CVE-2014-8324 - net_get missing check for invalid values.
+  * Add missing dh-python package to Build-Depends.
+
+ -- Carlos Alberto Lopez Perez <clopez@igalia.com>  Tue, 11 Nov 2014 23:41:52 +0100
+
 aircrack-ng (1:1.2-0~beta3-1) unstable; urgency=low
 
   * New upstream release.
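Review bot: the CVE-2014-8323 line in the new changelog entry ("buddy-ng missing checkin data format") is hard to parse; wording such as "buddy-ng: missing length check on received data" would match the `plen < 0` check that 006-CVE-2014-8323.diff adds. The dh-python Build-Depends item is unrelated to the four CVE fixes, so a short reason for carrying it in the same upload would help the unblock review.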
diff -Nru aircrack-ng-1.2-0~beta3/debian/control aircrack-ng-1.2-0~beta3/debian/control
--- aircrack-ng-1.2-0~beta3/debian/control	2014-05-30 18:39:20.000000000 +0200
+++ aircrack-ng-1.2-0~beta3/debian/control	2014-11-12 00:15:54.000000000 +0100
@@ -5,6 +5,7 @@
 Homepage: http://www.aircrack-ng.org/
 Build-Depends:
  debhelper (>= 9),
+ dh-python,
  libgcrypt20-dev | libgcrypt11-dev,
  libnl-genl-3-dev [linux-any],
  libpcap0.8-dev,
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff	1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff	2014-11-11 23:52:09.000000000 +0100
@@ -0,0 +1,26 @@
+From ff70494dd389ba570dbdbf36f217c28d4381c6b5 Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org>
+Date: Fri, 3 Oct 2014 01:51:21 +0000
+Subject: [PATCH] Airodump-ng: Fixed GPS stack overflow (Closes #13 on GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2416 28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/airodump-ng.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/airodump-ng.c b/src/airodump-ng.c
+index 6cec912..222492c 100644
+--- a/src/airodump-ng.c
++++ b/src/airodump-ng.c
+@@ -4497,7 +4497,7 @@ void gps_tracker( void )
+         	}
+ 
+         	// New version, JSON
+-        	if( recv( gpsd_sock, line + pos, sizeof( line ) - 1, 0 ) <= 0 )
++        	if( recv( gpsd_sock, line + pos, sizeof( line ) - pos - 1, 0 ) <= 0 )
+         		return;
+ 
+         	// search for TPV class: {"class":"TPV"
+-- 
+2.0.0.rc2
+
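Review bot: in gps_tracker(), the new recv() length `sizeof( line ) - pos - 1` is computed in unsigned arithmetic (sizeof yields a size_t), and nothing in the visible context bounds `pos` before the call. Once `pos` reaches `sizeof( line ) - 1` the length is 0, and past that it wraps to a very large value, which would bring the overflow back. Suggest an explicit check that `pos` is below `sizeof( line ) - 1` ahead of the recv(), plus a comment saying what the reserved final byte is for.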
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff	1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff	2014-11-11 23:52:57.000000000 +0100
@@ -0,0 +1,27 @@
+From 091b153f294b9b695b0b2831e65936438b550d7b Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org>
+Date: Fri, 3 Oct 2014 01:53:50 +0000
+Subject: [PATCH] Aireplay-ng: Fixed tcp_test stack overflow (Closes #14 on
+ GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2417 28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/aireplay-ng.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/aireplay-ng.c b/src/aireplay-ng.c
+index 7335442..b397015 100644
+--- a/src/aireplay-ng.c
++++ b/src/aireplay-ng.c
+@@ -5398,6 +5398,8 @@ int tcp_test(const char* ip_str, const short port)
+         if( (unsigned)caplen == sizeof(nh))
+         {
+             len = ntohl(nh.nh_len);
++            if (len > 1024 || len < 0)
++                continue;
+             if( nh.nh_type == 1 && i==0 )
+             {
+                 i=1;
+-- 
+2.0.0.rc2
+
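Review bot: the limit in `if (len > 1024 || len < 0)` in tcp_test() is a bare literal with no visible tie to the size of the buffer that `len` bytes are later read into, so the check stops protecting that buffer if its size ever changes. Suggest writing the bound as sizeof of the destination buffer or as a shared named constant. Note also that `ntohl()` returns an unsigned 32-bit value, so the `len < 0` half only does anything if `len` is a signed type; a one-line comment on that would help the next reader.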
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff	1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff	2014-11-11 23:53:42.000000000 +0100
@@ -0,0 +1,26 @@
+From da087238963c1239fdabd47dc1b65279605aca70 Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org>
+Date: Fri, 3 Oct 2014 01:58:02 +0000
+Subject: [PATCH] Buddy-ng: Fixed segmentation fault (Closes #15 on GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2418 28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/buddy-ng.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/buddy-ng.c b/src/buddy-ng.c
+index 8a7927c..8da8996 100644
+--- a/src/buddy-ng.c
++++ b/src/buddy-ng.c
+@@ -83,6 +83,8 @@ int handle(int s, unsigned char* data, int len, struct sockaddr_in *s_in)
+ 	*cmd++ = htons(S_CMD_PACKET);
+ 	*cmd++ = *pid;
+ 	plen = len - 2;
++    if (plen < 0)
++        return 0;
+ 
+ 	last_id = ntohs(*pid);
+ 	if (last_id > 20000)
+-- 
+2.0.0.rc2
+
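Review bot: in handle(), the new `plen < 0` check comes after `*cmd++ = *pid;`, so `*pid` has already been read by the time a too-short packet is rejected. If `pid` points into `data`, as `plen = len - 2` suggests, the length should be validated before that dereference, for example by testing `len < 2` ahead of the writes through `cmd`. The two added lines are also indented with spaces where the surrounding code uses tabs.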
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff	1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff	2014-11-11 23:54:55.000000000 +0100
@@ -0,0 +1,27 @@
+From 88702a3ce4c28a973bf69023cd0312f412f6193e Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org>
+Date: Fri, 3 Oct 2014 02:00:34 +0000
+Subject: [PATCH] OSdep: Fixed segmentation fault that happens with a malicious
+ server sending a negative length (Closes #16 on GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2419 28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/osdep/network.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/osdep/network.c b/src/osdep/network.c
+index 4f0f8b2..4ebfaf4 100644
+--- a/src/osdep/network.c
++++ b/src/osdep/network.c
+@@ -131,7 +131,7 @@ int net_get(int s, void *arg, int *len)
+ 	if (!(plen <= *len))
+ 		printf("PLEN %d type %d len %d\n",
+ 			plen, nh.nh_type, *len);
+-	assert(plen <= *len); /* XXX */
++	assert(plen <= *len && plen > 0); /* XXX */
+ 
+ 	*len = plen;
+ 	if ((*len) && (net_read_exact(s, arg, *len) == -1))
+-- 
+2.0.0.rc2
+
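Review bot: the length validation in net_get() is still an `assert()`, which disappears when the code is built with NDEBUG and otherwise turns a bad length from the server into an abort of the client. Suggest an explicit check that returns an error to the caller instead. The added `plen > 0` also rejects a zero-length payload, although the following `if ((*len) && (net_read_exact(...` is written to handle `*len == 0`; `plen >= 0` looks like the intended condition.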
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/series aircrack-ng-1.2-0~beta3/debian/patches/series
--- aircrack-ng-1.2-0~beta3/debian/patches/series	2014-05-20 20:31:44.000000000 +0200
+++ aircrack-ng-1.2-0~beta3/debian/patches/series	2014-11-11 23:59:00.000000000 +0100
@@ -2,3 +2,7 @@
 001-Airodump_whitespace_oui.diff
 002-fix-libnl-detection.diff
 003-dont-abort-libnl-nolinux.diff
+004-CVE-2014-8321.diff
+005-CVE-2014-8322.diff
+006-CVE-2014-8323.diff
+007-CVE-2014-8324.diff

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message ---
On Wed, Nov 12, 2014 at 19:23:35 +0100, Carlos Alberto Lopez Perez wrote:

> Please unblock aircrack-ng/1:1.2-0~beta3-3

That code doesn't inspire any sort of confidence...  Unblocked.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---