
Bug#890125: marked as done (jessie-pu: package uwsgi/2.0.7-1+deb8u2)



Your message dated Sat, 17 Mar 2018 17:48:33 +0100
with message-id <20180317164833.GA25807@eldamar.local>
and subject line Re: Bug#890125: jessie-pu: package uwsgi/2.0.7-1+deb8u2
has caused the Debian Bug report #890125,
regarding jessie-pu: package uwsgi/2.0.7-1+deb8u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
890125: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890125
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi

The attached debdiff addresses CVE-2018-6758 / 889753 for uwsgi in
jessie. Cf.
http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html . The
issue does not warrant a DSA.

+uwsgi (2.0.7-1+deb8u2) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Stack-based buffer overflow in uwsgi_expand_path function (CVE-2018-6758)
+    (Closes: #889753)

Can it be considered for the upcoming jessie point release?

Regards,
Salvatore
diff -Nru uwsgi-2.0.7/debian/changelog uwsgi-2.0.7/debian/changelog
--- uwsgi-2.0.7/debian/changelog	2017-02-19 22:17:18.000000000 +0100
+++ uwsgi-2.0.7/debian/changelog	2018-02-06 21:39:42.000000000 +0100
@@ -1,3 +1,11 @@
+uwsgi (2.0.7-1+deb8u2) jessie; urgency=medium
+
+  * Non-maintainer upload.
+  * Stack-based buffer overflow in uwsgi_expand_path function (CVE-2018-6758)
+    (Closes: #889753)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 06 Feb 2018 21:39:42 +0100
+
 uwsgi (2.0.7-1+deb8u1) jessie; urgency=medium
 
   * Add patch cherry-picked upstream to fix compilation with recent
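Review bot: the new changelog entry names the CVE and the closed bug but not the file it adds under debian/patches. Consider naming 0001-improve-uwsgi_expand_path-to-sanitize-input-avoiding.patch in the bullet so the entry can be matched to the patch without reading the debdiff.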
diff -Nru uwsgi-2.0.7/debian/patches/0001-improve-uwsgi_expand_path-to-sanitize-input-avoiding.patch uwsgi-2.0.7/debian/patches/0001-improve-uwsgi_expand_path-to-sanitize-input-avoiding.patch
--- uwsgi-2.0.7/debian/patches/0001-improve-uwsgi_expand_path-to-sanitize-input-avoiding.patch	1970-01-01 01:00:00.000000000 +0100
+++ uwsgi-2.0.7/debian/patches/0001-improve-uwsgi_expand_path-to-sanitize-input-avoiding.patch	2018-02-06 21:39:42.000000000 +0100
@@ -0,0 +1,46 @@
+From: Unbit <info@unbit.it>
+Date: Tue, 6 Feb 2018 16:01:47 +0100
+Subject: improve uwsgi_expand_path() to sanitize input, avoiding stack
+ corruption and potential security issue
+Origin: https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
+Bug-Debian: https://bugs.debian.org/889753
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-6758
+
+---
+ core/utils.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/core/utils.c b/core/utils.c
+index b4c98dfd..fd886932 100644
+--- a/core/utils.c
++++ b/core/utils.c
+@@ -3674,9 +3674,12 @@ void uwsgi_write_pidfile_explicit(char *pidfile_name, pid_t pid) {
+ }
+ 
+ char *uwsgi_expand_path(char *dir, int dir_len, char *ptr) {
+-	char src[PATH_MAX + 1];
+-	memcpy(src, dir, dir_len);
+-	src[dir_len] = 0;
++	if (dir_len > PATH_MAX)
++	{
++		uwsgi_log("invalid path size: %d (max %d)\n", dir_len, PATH_MAX);
++		return NULL;
++	}
++	char *src = uwsgi_concat2n(dir, dir_len, "", 0);
+ 	char *dst = ptr;
+ 	if (!dst)
+ 		dst = uwsgi_malloc(PATH_MAX + 1);
+@@ -3684,8 +3687,10 @@ char *uwsgi_expand_path(char *dir, int dir_len, char *ptr) {
+ 		uwsgi_error_realpath(src);
+ 		if (!ptr)
+ 			free(dst);
++		free(src);
+ 		return NULL;
+ 	}
++	free(src);
+ 	return dst;
+ }
+ 
+-- 
+2.11.0
+
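Review bot: the new length check in uwsgi_expand_path() rejects only dir_len > PATH_MAX, but dir_len is a signed int, so a negative value passes the check and is handed to uwsgi_concat2n(dir, dir_len, "", 0) as the copy length. Suggest "if (dir_len < 0 || dir_len > PATH_MAX)" so both ends of the range are refused before any copy happens. The free(src) added on the error path and before "return dst" covers both exits shown here, so the heap copy that replaces the stack array is not leaked. A smaller style point: "char *src" is now declared after the if block, which mixes declarations and statements; moving the declaration to the top keeps the function consistent with "char *dst = ptr;" below it.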
diff -Nru uwsgi-2.0.7/debian/patches/series uwsgi-2.0.7/debian/patches/series
--- uwsgi-2.0.7/debian/patches/series	2017-02-08 20:11:59.000000000 +0100
+++ uwsgi-2.0.7/debian/patches/series	2018-02-06 21:39:42.000000000 +0100
@@ -1,4 +1,5 @@
 020150415~f6e5db9.patch
+0001-improve-uwsgi_expand_path-to-sanitize-input-avoiding.patch
 1001_avoid_setting_RPATH.patch
 1002_fix-reload-process-name.patch
 1003_remove-php-libs.patch
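Review bot: the added series entry keeps its git format-patch name (0001-...) and sits between 020150415~f6e5db9.patch and the 1001_ to 1003_ entries, so it follows neither naming pattern visible in this file. Consider renaming it to fit the existing scheme so the listing order and the file names stay in step.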

--- End Message ---
--- Begin Message ---
Hi

On Sun, Feb 11, 2018 at 01:05:04PM +0100, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Hi
> 
> The attached debdiff addresses CVE-2018-6758 / 889753 for uwsgi in
> jessie. Cf.
> http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html . The
> issue does not warrant a DSA.
> 
> +uwsgi (2.0.7-1+deb8u2) jessie; urgency=medium
> +
> +  * Non-maintainer upload.
> +  * Stack-based buffer overflow in uwsgi_expand_path function (CVE-2018-6758)
> +    (Closes: #889753)
> 
> Can it be considered for the upcoming jessie point release?

The fix was included in DSA-4142-1 so this one can be closed.

Regards,
Salvatore

--- End Message ---
