Debian Bug report logs - #310139
kmd: Integer overflow in ELF header parsing
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sat, 21 May 2005 23:48:01 UTC
Severity: grave
Tags: fixed, patch, security
Found in version 0.9.19-1
Done: "Jose M. Moya" <josem@die.upm.es>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, josem@die.upm.es (Jose M. Moya):
Bug#310139; Package kmd.
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, josem@die.upm.es (Jose M. Moya).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: kmd
Version: 0.9.19-1
Severity: grave
Tags: security
Justification: user security hole
kmd uses binutils-dev's BFD library for ELF header parsing and is therefore
vulnerable to its integer overflow in ELF segment handling. kmd needs to be
recompiled against binutils-dev 2.15-6 once this has entered the archive.
I've verified that a complete rebuild with binutils-dev from incoming.d.o
correctly refuses the invalid ELF header of the crafted test binary.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Versions of packages kmd depends on:
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libglib1.2 1.2.10-10 The GLib library of C routines
ii libgtk1.2 1.2.10-17 The GIMP Toolkit set of widgets fo
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-12.0.1 X Window System miscellaneous exte
ii libxi6 4.3.0.dfsg.1-12.0.1 X Window System Input extension li
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
-- no debconf information
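Added illustration, not part of the bug log and not BFD's code or its fix (the log shows neither): a bounds check for ELF32 program headers in which the offset and size read from the file are never added together, so a crafted header cannot make the sum wrap around and pass. The function names and the 128-byte sample image are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian field access on an untrusted buffer. */
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t rd16(const unsigned char *p) { return p[0] | (uint32_t)p[1] << 8; }
static void wr32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* True if [off, off+size) fits in len bytes. off+size is never computed,
 * so there is no sum that can wrap around. */
static int range_ok(uint64_t off, uint64_t size, uint64_t len) {
    return off <= len && size <= len - off;
}

/* 1 if the ELF32 little-endian image has a program header table and
 * segments that lie inside the file, 0 if it must be refused. */
int elf32_segments_ok(const unsigned char *buf, size_t len) {
    if (len < 52 || memcmp(buf, "\177ELF", 4) != 0) return 0;
    if (buf[4] != 1 || buf[5] != 1) return 0;   /* ELFCLASS32, ELFDATA2LSB */
    uint32_t phoff = rd32(buf + 28);            /* e_phoff */
    uint32_t phentsize = rd16(buf + 42);        /* e_phentsize */
    uint32_t phnum = rd16(buf + 44);            /* e_phnum */
    if (phnum == 0) return 1;
    if (phentsize < 32) return 0;               /* sizeof(Elf32_Phdr) */
    /* Two 16-bit factors: the 64-bit product cannot overflow. */
    if (!range_ok(phoff, (uint64_t)phnum * phentsize, len)) return 0;
    for (uint32_t i = 0; i < phnum; i++) {
        const unsigned char *ph = buf + phoff + (size_t)i * phentsize;
        /* p_offset at +4, p_filesz at +16 */
        if (!range_ok(rd32(ph + 4), rd32(ph + 16), len)) return 0;
    }
    return 1;
}

/* Constructed sample: 128-byte image with one program header at offset 52
 * carrying the given p_offset and p_filesz; returns the verdict. */
int check_sample(uint32_t p_offset, uint32_t p_filesz) {
    unsigned char img[128] = { 0x7f, 'E', 'L', 'F', 1, 1, 1 };
    wr32(img + 28, 52); img[42] = 32; img[44] = 1;
    wr32(img + 52 + 4, p_offset);
    wr32(img + 52 + 16, p_filesz);
    return elf32_segments_ok(img, sizeof img);
}
```

With p_offset 0xFFFFFFF0 and p_filesz 0x20, a 32-bit sum wraps to 0x10 and a check written as "p_offset + p_filesz <= len" would accept the segment; the form above refuses it.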
Information forwarded to debian-bugs-dist@lists.debian.org, josem@die.upm.es (Jose M. Moya):
Bug#310139; Package kmd.
Acknowledgement sent to Roger Leigh <rleigh@whinlatter.ukfsn.org>:
Extra info received and forwarded to list. Copy sent to josem@die.upm.es (Jose M. Moya).
Message #10 received at 310139@bugs.debian.org (full text, mbox, reply):
tags 310139 + patch sarge
thanks
I have done an NMU to rebuild against the new binutils-dev. The
changes are as detailed in the diff below.
Release Team: please could you approve this for sarge?
Regards,
Roger
--- kmd.orig/kmd-0.9.19/debian/changelog 2005-05-25 13:47:38.178957288 +0100
+++ kmd.new/kmd-0.9.19/debian/changelog 2005-05-25 13:50:36.954779232 +0100
@@ -1,3 +1,11 @@
+kmd (0.9.19-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Build-Depend on binutils-dev >= 2.15-6, in order to prevent an
+ integer overflow in ELF header parsing (Closes: #310139).
+
+ -- Roger Leigh <rleigh@debian.org> Wed, 25 May 2005 13:48:47 +0100
+
kmd (0.9.19-1) unstable; urgency=low
* New upstream release.
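Review bot: The new changelog bullet ("Build-Depend on binutils-dev >= 2.15-6, in order to prevent an integer overflow in ELF header parsing") does not say where the overflow lives or that the fix reaches users only through the rebuild. The report attributes the flaw to binutils-dev's BFD library rather than to kmd's own code, so the entry would read more accurately as something like "Rebuild against binutils-dev >= 2.15-6, whose BFD library fixes an integer overflow in ELF header parsing (Closes: #310139)". That wording also tells anyone auditing the archive that kmd binaries built before this upload still need the rebuild.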
--- kmd.orig/kmd-0.9.19/debian/control 2005-05-25 13:47:38.179957136 +0100
+++ kmd.new/kmd-0.9.19/debian/control 2005-05-25 13:48:28.401322328 +0100
@@ -2,7 +2,7 @@
Section: devel
Priority: optional
Maintainer: Jose M. Moya <josem@die.upm.es>
-Build-Depends: debhelper (>= 4.0.0), libgtk1.2-dev, autotools-dev, binutils-dev
+Build-Depends: debhelper (>= 4.0.0), libgtk1.2-dev, autotools-dev, binutils-dev (>= 2.15-6)
Standards-Version: 3.6.1
Package: kmd
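Review bot: On the changed Build-Depends line, the bound binutils-dev (>= 2.15-6) is tied to the version string of the fixed upload, while the accompanying mail asks for approval for sarge. It is worth confirming that sarge will carry binutils-dev at 2.15-6 or later, since a fix shipped there under a lower version number would leave this package unbuildable. The bound also only constrains future builds: it is the 0.9.19-1.1 rebuild itself, not this line, that replaces the affected binary.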
--
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
Tags added: patch, sarge
Request was from Roger Leigh <rleigh@whinlatter.ukfsn.org>
to control@bugs.debian.org.
Tags added: fixed
Request was from Roger Leigh <rleigh@debian.org>
to control@bugs.debian.org.
Tags removed: fixed
Request was from Roger Leigh <rleigh@whinlatter.ukfsn.org>
to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org, josem@die.upm.es (Jose M. Moya):
Bug#310139; Package kmd.
Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to josem@die.upm.es (Jose M. Moya).
Message #21 received at 310139@bugs.debian.org (full text, mbox, reply):
On Wed, May 25, 2005 at 02:37:26PM +0100, Roger Leigh wrote:
> I have done an NMU to rebuild against the new binutils-dev. The
> changes are as detailed in the diff below.
> Release Team: please could you approve this for sarge?
Yep, approved.
Thanks,
--
Steve Langasek
postmodern programmer
Tags added: pending
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
Tags set to: fixed, patch, security
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
Reply sent to "Jose M. Moya" <josem@die.upm.es>:
You have taken responsibility.
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
Message #30 received at 310139-done@bugs.debian.org (full text, mbox, reply):
Patch applied to my build tree.
Closing as no new version is expected in the near future and there is no
reason for a new upload.
Last modified: Tue Aug 14 22:45:52 2018