[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#922930: marked as done (stretch-pu: package slurm-llnl/16.05.9-1+deb9u2)

Your message dated Sat, 07 Sep 2019 14:37:11 +0100
with message-id <17351b82f829eb6917f78885cb849c4060b0a4a6.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in 9.10 point release
has caused the Debian Bug report #922930,
regarding stretch-pu: package slurm-llnl/16.05.9-1+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
922930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922930
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

I'd like to update slurm-llnl in the next stable point release to
fix a security vulnerability (CVE-2019-6438) on 32-bit systems that
would potentially allow heap-overflow.

debdiff attached, diffstat follows:

 changelog             |    7 +++++
 patches/CVE-2019-6438 |   67 ++++++++++++++++++++++++++++++++++++++++++++++++++
 patches/series        |    1
 3 files changed, 75 insertions(+)

Thanks
-- 
Gennaro Oliva

diff -Nru slurm-llnl-16.05.9/debian/changelog slurm-llnl-16.05.9/debian/changelog
--- slurm-llnl-16.05.9/debian/changelog	2018-07-23 12:00:49.000000000 +0200
+++ slurm-llnl-16.05.9/debian/changelog	2019-02-21 17:24:53.000000000 +0100
@@ -1,3 +1,10 @@
+slurm-llnl (16.05.9-1+deb9u3) stretch; urgency=medium
+
+  * Fix CVE-2019-6438 by adding mitigation for a potential
+    heap-overflow on 32-bit systems (Closes: #920997)
+
+ -- Gennaro Oliva <oliva.g@na.icar.cnr.it>  Thu, 21 Feb 2019 17:24:53 +0100
+
 slurm-llnl (16.05.9-1+deb9u2) stretch-security; urgency=high
 
   * Fix CVE-2018-10995 caused by mishandling user names (aka user_name
diff -Nru slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 slurm-llnl-16.05.9/debian/patches/CVE-2019-6438
--- slurm-llnl-16.05.9/debian/patches/CVE-2019-6438	1970-01-01 01:00:00.000000000 +0100
+++ slurm-llnl-16.05.9/debian/patches/CVE-2019-6438	2019-02-21 17:19:14.000000000 +0100
@@ -0,0 +1,67 @@
+Description: Add mitigation for a potential heap-overflow on 32-bit systems
+ Force intermediate values to uint64_t to catch the potential overflow
+ This patch was adapted from the changes of the 17.11 upstream branch
+Author: Gennaro Oliva <oliva.g@na.icar.cnr.it>
+Bug-Debian: https://bugs.debian.org/920997
+Origin: https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda
+Forwarded: no
+Last-Update: 2019-02-12
+
+--- a/src/common/xmalloc.c
++++ b/src/common/xmalloc.c
+@@ -72,13 +72,17 @@ static void malloc_assert_failed(char *,
+  *   clear (IN) initialize to zero
+  *   RETURN	pointer to allocate heap space
+  */
+-void *slurm_xmalloc(size_t size, bool clear,
++void *slurm_xmalloc(uint64_t size, bool clear,
+ 		    const char *file, int line, const char *func)
+ {
+ 	void *new;
+ 	size_t *p;
+ 	size_t total_size = size + 2 * sizeof(size_t);
+ 
++
++	if (size > 0xffffffff)
++		fatal("attempt at overflow");
++
+ 	if (clear)
+ 		p = calloc(1, total_size);
+ 	else
+--- slurm-llnl-16.05.9.orig/src/common/xmalloc.h
++++ slurm-llnl-16.05.9/src/common/xmalloc.h
+@@ -76,6 +76,8 @@
+ #ifndef _XMALLOC_H
+ #define _XMALLOC_H
+ 
++#include <stdint.h>
++
+ #if HAVE_SYS_TYPES_H
+ #  include <sys/types.h>
+ #endif
+@@ -83,13 +85,13 @@
+ #include "macros.h"
+ 
+ #define xmalloc(__sz) \
+-	slurm_xmalloc (__sz, true, __FILE__, __LINE__, __CURRENT_FUNC__)
++	slurm_xmalloc ((uint64_t) __sz, true, __FILE__, __LINE__, __CURRENT_FUNC__)
+ 
+ #define xmalloc_nz(__sz) \
+-	slurm_xmalloc (__sz, false, __FILE__, __LINE__, __CURRENT_FUNC__)
++	slurm_xmalloc ((uint64_t) __sz, false, __FILE__, __LINE__, __CURRENT_FUNC__)
+ 
+ #define try_xmalloc(__sz) \
+-	slurm_try_xmalloc(__sz, __FILE__, __LINE__, __CURRENT_FUNC__)
++	slurm_try_xmalloc((uint64_t) __sz, __FILE__, __LINE__, __CURRENT_FUNC__)
+ 
+ #define xfree(__p) \
+ 	slurm_xfree((void **)&(__p), __FILE__, __LINE__, __CURRENT_FUNC__)
+@@ -109,7 +111,7 @@
+ #define xsize(__p) \
+ 	slurm_xsize((void *)__p, __FILE__, __LINE__, __CURRENT_FUNC__)
+ 
+-void *slurm_xmalloc(size_t, bool, const char *, int, const char *);
++void *slurm_xmalloc(uint64_t, bool, const char *, int, const char *);
+ void *slurm_try_xmalloc(size_t , const char *, int , const char *);
+ void slurm_xfree(void **, const char *, int, const char *);
+ void *slurm_xrealloc(void **, size_t, bool, const char *, int, const char *);
diff -Nru slurm-llnl-16.05.9/debian/patches/series slurm-llnl-16.05.9/debian/patches/series
--- slurm-llnl-16.05.9/debian/patches/series	2018-06-22 09:53:34.000000000 +0200
+++ slurm-llnl-16.05.9/debian/patches/series	2019-02-21 17:19:14.000000000 +0100
@@ -5,3 +5,4 @@
 CVE-2017-15566
 CVE-2018-10995
 CVE-2018-7033
+CVE-2019-6438

--- End Message ---
--- Begin Message --- 
Version: 9.10

Hi,

The fixes referenced by each of these bugs were included in today's
stretch point release (9.10).

Regards,

Adam

--- End Message ---
Reply to: