
Re: [SECURITY] [DSA 2697-1] gnutls26 security update



Hi!

I would like somebody to see this.

Thank you.

Beatrix


2013/5/29 Florian Weimer <fw@deneb.enyo.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2697-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
May 29, 2013                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnutls26
Vulnerability  : out-of-bounds array read
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-2116
Debian Bug     : 709301

It was discovered that a malicious client could crash a GNUTLS server
and vice versa, by sending TLS records encrypted with a block cipher
which contain invalid padding.

The oldstable distribution (squeeze) is not affected because the
security fix that introduced this vulnerability was not applied to it.

For the stable distribution (wheezy), this problem has been fixed in
version 2.12.20-7.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.23-5.

We recommend that you upgrade your gnutls26 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


Archive: http://lists.debian.org/87d2s9y2u9.fsf@mid.deneb.enyo.de
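
The advisory names the bug class (an out-of-bounds read triggered by invalid padding in a block-cipher TLS record) but shows no code. As an added illustration, which is not GnuTLS code and not the actual fix, the following validates the padding of a decrypted TLS CBC record laid out as in RFC 5246, section 6.2.3.2, bounding the peer-supplied padding length before it is used as an index. The function name, the 4-byte toy MAC length and the sample records are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Decrypted TLS 1.0-1.2 CBC record layout (RFC 5246, section 6.2.3.2):
 *   content || MAC (mac_len bytes) || padding (pad_len bytes) || pad_len byte
 * Every padding byte must equal pad_len.
 *
 * Returns the content length, or -1 if the record is malformed.
 * (Hypothetical helper for this example, not a GnuTLS function.)
 */
long tls_cbc_content_len(const uint8_t *rec, size_t rec_len, size_t mac_len)
{
    /* The record must hold at least the MAC plus the length byte. */
    if (rec == NULL || rec_len == 0 || rec_len - 1 < mac_len)
        return -1;

    size_t pad_len = rec[rec_len - 1];

    /* pad_len is chosen by the peer: bound it by the record size BEFORE
     * using it as a loop limit. Without this check the scan below would
     * index outside the buffer for an oversized value. */
    if (pad_len > rec_len - mac_len - 1)
        return -1;

    /* Check every padding byte, accumulating differences rather than
     * returning at the first mismatch. */
    uint8_t diff = 0;
    for (size_t i = 0; i < pad_len; i++)
        diff |= (uint8_t)(rec[rec_len - 2 - i] ^ (uint8_t)pad_len);
    if (diff != 0)
        return -1;

    return (long)(rec_len - mac_len - 1 - pad_len);
}

/* Constructed sample records: 2 content bytes, 4-byte toy MAC, padding. */
static const uint8_t SAMPLE_GOOD[16] = {
    'h', 'i', 0xAA, 0xBB, 0xCC, 0xDD,
    9, 9, 9, 9, 9, 9, 9, 9, 9, 9 };
/* Length byte 0xFF claims more padding than the record can contain. */
static const uint8_t SAMPLE_OVERLONG[16] = {
    'h', 'i', 0xAA, 0xBB, 0xCC, 0xDD,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
/* Plausible length byte, but one padding byte has the wrong value. */
static const uint8_t SAMPLE_MISMATCH[16] = {
    'h', 'i', 0xAA, 0xBB, 0xCC, 0xDD,
    9, 9, 9, 9, 0, 9, 9, 9, 9, 9 };

int main(void)
{
    printf("good:     %ld\n",
           tls_cbc_content_len(SAMPLE_GOOD, sizeof SAMPLE_GOOD, 4));
    printf("overlong: %ld\n",
           tls_cbc_content_len(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, 4));
    printf("mismatch: %ld\n",
           tls_cbc_content_len(SAMPLE_MISMATCH, sizeof SAMPLE_MISMATCH, 4));
    return 0;
}
```

A real receiver treats both failure cases the same as a MAC failure (a single bad_record_mac alert), so the peer cannot tell which check rejected the record.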

