Merge lp:~noskcaj/ubuntu/utopic/torque/cve-fix into lp:ubuntu/utopic/torque

Proposed by Jackson Doak
Status: Needs review
Proposed branch: lp:~noskcaj/ubuntu/utopic/torque/cve-fix
Merge into: lp:ubuntu/utopic/torque
Diff against target: 80 lines (+60/-0)
3 files modified
debian/changelog (+19/-0)
debian/patches/CVE-2014-0749.patch (+40/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~noskcaj/ubuntu/utopic/torque/cve-fix
Reviewer Review Type Date Requested Status
Daniel Holbach (community) Approve
Review via email: mp+220890@code.launchpad.net

Description of the change

Merge CVE fix from Debian

Daniel Holbach (dholbach) wrote:

Thanks. Uploaded.

review: Approve

Unmerged revisions

17. By Jackson Doak

* Merge from debian. Remaining changes:
  - Build using dh-autoreconf.
  - Specified multiarch Tcl and Tk locations during configure,
    fixing FTBFS.

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2013-12-17 07:39:52 +0000
3+++ debian/changelog 2014-05-25 21:28:24 +0000
4@@ -1,3 +1,22 @@
5+torque (2.4.16+dfsg-1.4ubuntu1) utopic; urgency=medium
6+
7+ * Merge from debian. Remaining changes:
8+ - Build using dh-autoreconf.
9+ - Specified multiarch Tcl and Tk locations during configure,
10+ fixing FTBFS.
11+
12+ -- Jackson Doak <noskcaj@ubuntu.com> Mon, 26 May 2014 07:14:38 +1000
13+
14+torque (2.4.16+dfsg-1.4) unstable; urgency=high
15+
16+ * Non-maintainer upload by the Security Team.
17+ * Add CVE-2014-0749.patch patch.
18+ CVE-2014-0749: Fix stack-based buffer overflow vulnerability which can
19+ be exploited in order to remotely execute code from an unauthenticated
20+ perspective. (Closes: #748827)
21+
22+ -- Salvatore Bonaccorso <carnil@debian.org> Wed, 21 May 2014 20:56:21 +0200
23+
24 torque (2.4.16+dfsg-1.3ubuntu1) trusty; urgency=medium
25
26 * Merge from debian. Remaining changes:
27
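Review bot: The new top entry for 2.4.16+dfsg-1.4ubuntu1 lists only the remaining Ubuntu changes and never names CVE-2014-0749, and it is marked urgency=medium while the Debian 2.4.16+dfsg-1.4 entry it merges is urgency=high. The branch exists to bring in the CVE fix, so consider adding a line to the Ubuntu entry that names CVE-2014-0749.patch (the Debian entry below already does) and raising the urgency to match, so that the top changelog entry alone shows this is a security upload.
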
28=== added file 'debian/patches/CVE-2014-0749.patch'
29--- debian/patches/CVE-2014-0749.patch 1970-01-01 00:00:00 +0000
30+++ debian/patches/CVE-2014-0749.patch 2014-05-25 21:28:24 +0000
31@@ -0,0 +1,40 @@
32+Description: Fix stack-based buffer overflow in disrsi_.c
33+ CVE-2014-0749: The file disrsi_.c fails to ensure that the length of
34+ count (which is read from the request packet) is less than dis_umaxd
35+ prior to being used in a later memcpy(). As a result a specially
36+ crafted request can smuggle through a count value which is later
37+ decremented and becomes the ct value in a memcpy() made from within
38+ tcp_gets():
39+ .
40+ memcpy((char *)str, tp->tdis_leadp, ct);
41+ .
42+ This failure to validate count allows control over the size of the
43+ memcpy() to be leveraged and as a result control over the amount of
44+ data read from the remainder of the packet. If this value is large the
45+ memcpy() will overwrite the stack and so can be leveraged in order to
46+ gain control over the execution of the program.
47+Origin: upstream, https://github.com/adaptivecomputing/torque/commit/3ed749263abe3d69fa3626d142a5789dcb5a5684
48+Bug: https://github.com/adaptivecomputing/torque/pull/171
49+Bug-Debian: https://bugs.debian.org/748827
50+Forwarded: not-needed
51+Author: David Beer <dbeer@adaptivecomputing.com>
52+Last-Update: 2014-05-21
53+
54+--- a/src/lib/Libdis/disrsi_.c
55++++ b/src/lib/Libdis/disrsi_.c
56+@@ -112,6 +112,15 @@ int disrsi_(
57+ if (dis_umaxd == 0)
58+ disiui_();
59+
60++ if (count >= dis_umaxd)
61++ {
62++ if (count > dis_umaxd)
63++ goto overflow;
64++
65++ if (memcmp(scratch, dis_umax, dis_umaxd) > 0)
66++ goto overflow;
67++ }
68++
69+ switch (c = (*dis_getc)(stream))
70+ {
71+
72
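Review bot: In the disrsi_.c hunk, the new guard still accepts count == dis_umaxd whenever "memcmp(scratch, dis_umax, dis_umaxd) > 0" is false, although the patch description says count must be less than dis_umaxd. That memcmp also runs before the "switch (c = (*dis_getc)(stream))" that follows it, and nothing in the visible context shows scratch being filled for this count. Please confirm that scratch can hold dis_umaxd bytes and contains meaningful data at this point. If neither is guaranteed here, a plain "count >= dis_umaxd" rejection, or keeping only the "count > dis_umaxd" test ahead of the read, would be easier to reason about. A one-line comment above the block noting that count comes from the request packet would also help later readers.
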
73=== modified file 'debian/patches/series'
74--- debian/patches/series 2013-12-17 07:39:52 +0000
75+++ debian/patches/series 2014-05-25 21:28:24 +0000
76@@ -7,3 +7,4 @@
77 CVE-2013-4319.patch
78 fix-FTBFS-on-kfreebsd.patch
79 CVE-2013-4495.patch
80+CVE-2014-0749.patch
