--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package slurm-llnl/16.05.9-1+deb9u2
- From: Gennaro Oliva <oliva.g@na.icar.cnr.it>
- Date: Thu, 21 Feb 2019 22:56:32 +0100
- Message-id: <20190221215621.GA32606@ischia>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
I'd like to update slurm-llnl in the next stable point release to
fix a security vulnerability (CVE-2019-6438) on 32-bit systems that
could potentially allow a heap overflow.
debdiff attached, diffstat follows:
changelog | 7 +++++
patches/CVE-2019-6438 | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
patches/series | 1
3 files changed, 75 insertions(+)
Thanks
--
Gennaro Oliva
diff -Nru slurm-llnl-16.05.9/debian/changelog slurm-llnl-16.05.9/debian/changelog
--- slurm-llnl-16.05.9/debian/changelog 2018-07-23 12:00:49.000000000 +0200
+++ slurm-llnl-16.05.9/debian/changelog 2019-02-21 17:24:53.000000000 +0100
@@ -1,3 +1,10 @@
+slurm-llnl (16.05.9-1+deb9u3) stretch; urgency=medium
+
+ * Fix CVE-2019-6438 by adding mitigation for a potential
+ heap-overflow on 32-bit systems (Closes: #920997)
+
+ -- Gennaro Oliva <oliva.g@na.icar.cnr.it> Thu, 21 Feb 2019 17:24:53 +0100
+
slurm-llnl (16.05.9-1+deb9u2) stretch-security; urgency=high
* Fix CVE-2018-10995 caused by mishandling user names (aka user_name
diff -Nru slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 slurm-llnl-16.05.9/debian/patches/CVE-2019-6438
--- slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 1970-01-01 01:00:00.000000000 +0100
+++ slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 2019-02-21 17:19:14.000000000 +0100
@@ -0,0 +1,67 @@
+Description: Add mitigation for a potential heap-overflow on 32-bit systems
+ Force intermediate values to uint64_t to catch the potential overflow
+ This patch was adapted from the changes of the 17.11 upstream branch
+Author: Gennaro Oliva <oliva.g@na.icar.cnr.it>
+Bug-Debian: https://bugs.debian.org/920997
+Origin: https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda
+Forwarded: no
+Last-Update: 2019-02-12
+
+--- a/src/common/xmalloc.c
++++ b/src/common/xmalloc.c
+@@ -72,13 +72,17 @@ static void malloc_assert_failed(char *,
+ * clear (IN) initialize to zero
+ * RETURN pointer to allocate heap space
+ */
+-void *slurm_xmalloc(size_t size, bool clear,
++void *slurm_xmalloc(uint64_t size, bool clear,
+ const char *file, int line, const char *func)
+ {
+ void *new;
+ size_t *p;
+ size_t total_size = size + 2 * sizeof(size_t);
+
++
++ if (size > 0xffffffff)
++ fatal("attempt at overflow");
++
+ if (clear)
+ p = calloc(1, total_size);
+ else
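Review bot: The new `size > 0xffffffff` guard in slurm_xmalloc does not cover the header addition on the declaration above it. `total_size` is still a `size_t` computed as `size + 2 * sizeof(size_t)`, so where size_t is 32 bits a request within `2 * sizeof(size_t)` of 0xffffffff passes the check and leaves `total_size` wrapped to a few bytes before it reaches calloc/malloc. Tightening the bound closes that gap: `if (size > 0xffffffff - 2 * sizeof(size_t)) fatal("attempt at overflow");`. The same guard also makes any request above 4 GiB fatal on 64-bit builds, which deserves a comment next to the check. The function body continues past the end of this hunk, so how `size` and `total_size` are used afterwards is not visible here.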
+--- slurm-llnl-16.05.9.orig/src/common/xmalloc.h
++++ slurm-llnl-16.05.9/src/common/xmalloc.h
+@@ -76,6 +76,8 @@
+ #ifndef _XMALLOC_H
+ #define _XMALLOC_H
+
++#include <stdint.h>
++
+ #if HAVE_SYS_TYPES_H
+ # include <sys/types.h>
+ #endif
+@@ -83,13 +85,13 @@
+ #include "macros.h"
+
+ #define xmalloc(__sz) \
+- slurm_xmalloc (__sz, true, __FILE__, __LINE__, __CURRENT_FUNC__)
++ slurm_xmalloc ((uint64_t) __sz, true, __FILE__, __LINE__, __CURRENT_FUNC__)
+
+ #define xmalloc_nz(__sz) \
+- slurm_xmalloc (__sz, false, __FILE__, __LINE__, __CURRENT_FUNC__)
++ slurm_xmalloc ((uint64_t) __sz, false, __FILE__, __LINE__, __CURRENT_FUNC__)
+
+ #define try_xmalloc(__sz) \
+- slurm_try_xmalloc(__sz, __FILE__, __LINE__, __CURRENT_FUNC__)
++ slurm_try_xmalloc((uint64_t) __sz, __FILE__, __LINE__, __CURRENT_FUNC__)
+
+ #define xfree(__p) \
+ slurm_xfree((void **)&(__p), __FILE__, __LINE__, __CURRENT_FUNC__)
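Review bot: The casts added to `xmalloc`, `xmalloc_nz` and `try_xmalloc` leave `__sz` unparenthesised, and nothing documents whether that is intended. As written, `(uint64_t) __sz` binds to the first operand of the argument, so `xmalloc(n * sizeof(x))` multiplies in 64 bits, which appears to be the point of the mitigation. An argument shaped like `a + b * c` still evaluates `b * c` at its original width and can wrap before the widening takes effect. A comment above the macros would keep a later cleanup from changing it to `(uint64_t)(__sz)`, for example `/* cast is deliberately not parenthesised: it widens the first operand so a size product is computed in 64 bits */`.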
+@@ -109,7 +111,7 @@
+ #define xsize(__p) \
+ slurm_xsize((void *)__p, __FILE__, __LINE__, __CURRENT_FUNC__)
+
+-void *slurm_xmalloc(size_t, bool, const char *, int, const char *);
++void *slurm_xmalloc(uint64_t, bool, const char *, int, const char *);
+ void *slurm_try_xmalloc(size_t , const char *, int , const char *);
+ void slurm_xfree(void **, const char *, int, const char *);
+ void *slurm_xrealloc(void **, size_t, bool, const char *, int, const char *);
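Review bot: `slurm_try_xmalloc` keeps its `size_t` parameter in this prototype while the `try_xmalloc` macro now passes `(uint64_t) __sz`. On a 32-bit build the widened value is therefore converted straight back to 32 bits at the call, and the try_xmalloc path gets no overflow check. Declaring it as `void *slurm_try_xmalloc(uint64_t, const char *, int, const char *);`, with a matching definition and the same range check in xmalloc.c, would make it consistent with slurm_xmalloc. The definition of slurm_try_xmalloc is not touched by this patch, so it presumably still takes `size_t` as well. `slurm_xrealloc` also still takes `size_t`; whether it needs the same treatment cannot be judged from the lines shown.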
diff -Nru slurm-llnl-16.05.9/debian/patches/series slurm-llnl-16.05.9/debian/patches/series
--- slurm-llnl-16.05.9/debian/patches/series 2018-06-22 09:53:34.000000000 +0200
+++ slurm-llnl-16.05.9/debian/patches/series 2019-02-21 17:19:14.000000000 +0100
@@ -5,3 +5,4 @@
CVE-2017-15566
CVE-2018-10995
CVE-2018-7033
+CVE-2019-6438
--- End Message ---