Bug#270485: marked as done (libgksu1.2-0: contains several buffer overflows)

Debian Bug Tracking System owner@bugs.debian.org
Tue, 07 Sep 2004 20:03:06 -0700


Your message dated Tue, 07 Sep 2004 22:47:05 -0400
with message-id <E1C4sUD-00025p-00@newraff.debian.org>
and subject line Bug#270485: fixed in libgksu1.2 1.2.4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Sep 2004 15:30:16 +0000
Date: Tue, 7 Sep 2004 17:29:55 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: Allan Douglas <allan_douglas@gmx.net>
Subject: libgksu1.2-0: contains several buffer overflows
Message-ID: <20040907152947.GA13642@localhost.localdomain>

Package: libgksu1.2-0
Version: 1.2.3-1
Severity: important
Tags: patch

Hi Gustavo, hi Allan!

I discovered several buffer overflows and a non-zero-terminated printf
in libgksu which cause gksudo to segfault (see changelog and patch for
details). I don't think that this error has major security
implications, therefore I leave the severity at important.

I put the patch (against our company's version 1.2.2) to

http://sqash.this.segfault.no-name-yet.com/patches/libgksu1.2.bufoverflow.diff

Applying it to the unstable version will fail at the Debian changelog
(because of the different version numbers), but the source patch
applies cleanly.

Please push this change upstream.

Changelog:

|libgksu1.2 (1.2.2-1ubuntu1) warty; urgency=low
|
|  * libgksu/gksu-context.c:gksu_context_sudo_run():
|    - char buf[16] was repeatedly overflowed by reading/writing 256 bytes,
|    causing segfaults and improper status messages; having two buffers 'buf'
|    and 'buffer' with different lengths does not really avoid errors, so 'buf'
|    was eliminated completely
|    - properly zero-terminated buffer before printf()'ing it
|    (Closes: Warty bug #1060)
|
| -- Martin Pitt <mpitt@debian.org>  Tue,  7 Sep 2004 16:50:28 +0200

Thanks and have a nice day!

Martin

-- 
Martin Pitt                 Debian GNU/Linux Developer
martin@piware.de                      mpitt@debian.org
http://www.piware.de             http://www.debian.org
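
Added example, not part of the original report and not the libgksu source: the changelog above describes 256-byte reads into char buf[16] and a buffer printed without a terminating NUL. The sketch below shows a read that is bounded by the destination's real size and always terminated; read_chunk(), drain(), CHUNK and the sample text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CHUNK 16 /* same size as the overflowed array in the report */

/* Pattern from the changelog, kept as a comment because it is undefined
 * behaviour:  char buf[16];  read(fd, buf, 256);  printf("%s", buf);   */

/* Read at most cap-1 bytes into dst and always NUL-terminate it.
 * Returns the byte count, 0 at end of input, -1 on error. */
ssize_t read_chunk(int fd, char *dst, size_t cap)
{
    ssize_t n;

    if (cap == 0)
        return -1;
    n = read(fd, dst, cap - 1);     /* bound comes from the buffer itself */
    dst[n > 0 ? n : 0] = '\0';      /* safe to hand to printf("%s") now   */
    return n;
}

/* Send msg (constructed input) through a pipe and consume it with one
 * CHUNK-sized buffer. Returns total bytes read or -1; *largest receives
 * the biggest single chunk, which can never reach CHUNK. */
long drain(const char *msg, size_t *largest)
{
    int fds[2];
    char buffer[CHUNK];             /* one buffer, one size: sizeof buffer */
    long total = 0;
    ssize_t n;

    *largest = 0;
    if (pipe(fds) != 0)
        return -1;
    n = write(fds[1], msg, strlen(msg));
    close(fds[1]);
    while (n >= 0 && (n = read_chunk(fds[0], buffer, sizeof buffer)) > 0) {
        if ((size_t)n > *largest)
            *largest = (size_t)n;
        total += n;
    }
    close(fds[0]);
    return n < 0 ? -1 : total;
}

int main(void)
{
    size_t largest;
    long total = drain("constructed status text longer than sixteen bytes", &largest);

    printf("read %ld bytes, largest chunk %zu\n", total, largest);
    return total < 0;
}
```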


---------------------------------------
Received: (at 270485-close) by bugs.debian.org; 8 Sep 2004 02:53:07 +0000
From: Gustavo Noronha Silva <kov@debian.org>
To: 270485-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#270485: fixed in libgksu1.2 1.2.4-1
Message-Id: <E1C4sUD-00025p-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Tue, 07 Sep 2004 22:47:05 -0400

Source: libgksu1.2
Source-Version: 1.2.4-1

We believe that the bug you reported is fixed in the latest version of
libgksu1.2, which is due to be installed in the Debian FTP archive:

libgksu1.2-0_1.2.4-1_i386.deb
  to pool/main/libg/libgksu1.2/libgksu1.2-0_1.2.4-1_i386.deb
libgksu1.2-dev_1.2.4-1_i386.deb
  to pool/main/libg/libgksu1.2/libgksu1.2-dev_1.2.4-1_i386.deb
libgksu1.2_1.2.4-1.diff.gz
  to pool/main/libg/libgksu1.2/libgksu1.2_1.2.4-1.diff.gz
libgksu1.2_1.2.4-1.dsc
  to pool/main/libg/libgksu1.2/libgksu1.2_1.2.4-1.dsc
libgksu1.2_1.2.4.orig.tar.gz
  to pool/main/libg/libgksu1.2/libgksu1.2_1.2.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 270485@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gustavo Noronha Silva <kov@debian.org> (supplier of updated libgksu1.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  7 Sep 2004 23:04:07 -0300
Source: libgksu1.2
Binary: libgksu1.2-dev libgksu1.2-0
Architecture: source i386
Version: 1.2.4-1
Distribution: unstable
Urgency: high
Maintainer: Gustavo Noronha Silva <kov@debian.org>
Changed-By: Gustavo Noronha Silva <kov@debian.org>
Description: 
 libgksu1.2-0 - library providing su and sudo functionality
 libgksu1.2-dev - library providing su and sudo functionality (development files)
Closes: 270485
Changes: 
 libgksu1.2 (1.2.4-1) unstable; urgency=high
 .
   * New upstream release
   - includes patch by Martin Pitt <martin.pitt@canonical.com>
     to fix buffer overflows (Closes: #270485)
   - setting priority to high to make this change go into sarge
     asap
Files: 
 7038b10d4b70cf6335e2cef9505bd27f 668 admin optional libgksu1.2_1.2.4-1.dsc
 7a7449d649ea7012c958e4372a9db88a 559121 admin optional libgksu1.2_1.2.4.orig.tar.gz
 17b26db6b2dd42333333a1cdf1e2e558 6110 admin optional libgksu1.2_1.2.4-1.diff.gz
 14150795238e14f61b69c0350014a2a9 26242 libs optional libgksu1.2-0_1.2.4-1_i386.deb
 ef4d8440b82aebe81ef32947c48f1345 21454 libdevel optional libgksu1.2-dev_1.2.4-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBPmoct1anjIgqbEsRAnrJAJ9sk2UxnNweGfNqd50v8plHUbAnigCgrrIn
8lB7LTAwpSV9JElodZouo+8=
=GE1B
-----END PGP SIGNATURE-----