libnl3: CVE-2017-0553

Related Vulnerabilities: CVE-2017-0553  

Debian Bug report logs - #859948
libnl3: CVE-2017-0553

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 9 Apr 2017 13:51:04 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version libnl3/3.2.24-2

Fixed in version libnl3/3.2.27-2

Done: Heiko Stuebner <mmind@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Heiko Stuebner <mmind@debian.org>:
Bug#859948; Package src:libnl3. (Sun, 09 Apr 2017 13:51:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Heiko Stuebner <mmind@debian.org>. (Sun, 09 Apr 2017 13:51:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libnl3: CVE-2017-0553
Date: Sun, 09 Apr 2017 15:48:38 +0200
Source: libnl3
Version: 3.2.24-2
Severity: important
Tags: patch upstream security fixed-upstream

Hi,

the following vulnerability was published for libnl3.

CVE-2017-0553[0]:
| An elevation of privilege vulnerability in libnl could enable a local
| malicious application to execute arbitrary code within the context of
| the Wi-Fi service. This issue is rated as Moderate because it first
| requires compromising a privileged process and is mitigated by current
| platform configurations. Product: Android. Versions: 5.0.2, 5.1.1,
| 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065.

This is not Android-specific and fixed in [1] upstream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-0553
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553
[1] http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb

Regards,
Salvatore



Reply sent to Heiko Stuebner <mmind@debian.org>:
You have taken responsibility. (Mon, 10 Apr 2017 10:39:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 10 Apr 2017 10:39:03 GMT)


Message #10 received at 859948-close@bugs.debian.org:

From: Heiko Stuebner <mmind@debian.org>
To: 859948-close@bugs.debian.org
Subject: Bug#859948: fixed in libnl3 3.2.27-2
Date: Mon, 10 Apr 2017 10:34:38 +0000
Source: libnl3
Source-Version: 3.2.27-2

We believe that the bug you reported is fixed in the latest version of
libnl3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859948@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Heiko Stuebner <mmind@debian.org> (supplier of updated libnl3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 10 Apr 2017 11:48:23 +0200
Source: libnl3
Binary: libnl-3-200 libnl-cli-3-200 libnl-utils libnl-genl-3-200 libnl-idiag-3-200 libnl-nf-3-200 libnl-route-3-200 libnl-xfrm-3-200 libnl-3-dev libnl-cli-3-dev libnl-genl-3-dev libnl-idiag-3-dev libnl-nf-3-dev libnl-route-3-dev libnl-xfrm-3-dev libnl-3-200-dbg libnl-3-200-udeb libnl-genl-3-200-udeb
Architecture: source amd64
Version: 3.2.27-2
Distribution: unstable
Urgency: low
Maintainer: Heiko Stuebner <mmind@debian.org>
Changed-By: Heiko Stuebner <mmind@debian.org>
Description:
 libnl-3-200 - library for dealing with netlink sockets
 libnl-3-200-dbg - debug symbols for libnl3
 libnl-3-200-udeb - library for dealing with netlink sockets (udeb)
 libnl-3-dev - development library and headers for libnl-3
 libnl-cli-3-200 - library for dealing with netlink sockets - cli helpers
 libnl-cli-3-dev - development library and headers for libnl-cli-3
 libnl-genl-3-200 - library for dealing with netlink sockets - generic netlink
 libnl-genl-3-200-udeb - library for dealing with netlink sockets - generic netlink (udeb)
 libnl-genl-3-dev - development library and headers for libnl-genl-3
 libnl-idiag-3-200 - library for dealing with netlink sockets - inetdiag interface
 libnl-idiag-3-dev - development library and headers for libnl-genl-3
 libnl-nf-3-200 - library for dealing with netlink sockets - netfilter interface
 libnl-nf-3-dev - development library and headers for libnl-nf-3
 libnl-route-3-200 - library for dealing with netlink sockets - route interface
 libnl-route-3-dev - development library and headers for libnl-route-3
 libnl-utils - Utilities for dealing with netlink sockets
 libnl-xfrm-3-200 - library for dealing with netlink sockets - package transformation
 libnl-xfrm-3-dev - development library and headers for libnl-xfrm-3
Closes: 859948
Changes:
 libnl3 (3.2.27-2) unstable; urgency=low
 .
   * Add upstream fix for CVE-2017-0553 (Closes: #859948)
Package-Type: udeb




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 10 May 2017 07:26:33 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:11:27 2019; Machine Name: buxtehude
