Debian Bug report logs -
#496410
The possibility of attack with the help of symlinks in some Debian packages
Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>
Date: Sun, 24 Aug 2008 18:11:16 UTC
Severity: important
Tags: security
Fixed in versions redhat-cluster/2.20081102-1, redhat-cluster/2.20080801-4+lenny1
Done: Stefan Fritsch <sf@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman.
Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>: New Bug report received and forwarded. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: cman
Severity: grave
Hi, maintainer!
This bug report concerns a few packages at once. I've tested all the
packages (for Lenny) on my Debian mirror. All scripts in the packages
(marked as executable) were tested.
In some packages I've discovered scripts with errors which may be used
by a user to damage important system files or users' files.
For example, if a script uses a temp file which is created in the /tmp
directory, then any user can create a symlink with the same name in
that directory in order to destroy or overwrite some system or user
file. A symlink attack may lead not only to data destruction but to
denial of service as well.
Even if you create files or directories with the help of 'RANDOM' or
pid(), your system is not protected. An attacker can create many
symlinks in order to destroy your data or cause a denial of service
for your package scripts.
Even if you rm(dir) the files/directories first, your system is not
protected. An attacker can keep creating symlinks.
This list was created with the help of a script and sorted by hand.
However, in some cases a mistake is possible.
Please be understanding about possible mistakes. :)
I set the severity to grave for this bug. The table of discovered
problems is below.
Discussion of this bug can be seen on debian-devel@:
http://lists.debian.org/debian-devel/2008/08/msg00271.html
Binary-package: r-base-core-ra (1.1.1-1)
file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
file: /usr/share/dtc/admin/accesslog.php
file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
file: /usr/share/linuxtrade/bin/linuxtrade.wn
file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
file: /usr/bin/impose
Binary-package: mgt (2.31-5)
file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
file: /usr/lib/lmbench/scripts/rccs
file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
file: /usr/lib/ogle/ogle_audio_debug
file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
file: /usr/share/convirt/image_store/_template_/provision.sh
file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
file: /usr/share/convirt/image_store/common/provision.sh
file: /usr/share/convirt/image_store/example/provision.sh
file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
file: /usr/lib/R/bin/javareconf
file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
file: /usr/share/xmcd/scripts/ncsarmt
file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
file: /usr/lib/scilab-4.1.2/bin/scilink
file: /usr/lib/scilab-4.1.2/util/scidoc
file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
file: /usr/sbin/checksendmail
file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
file: /usr/bin/patcil
file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
file: /usr/lib/arb/SH/arb_fastdnaml
file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
file: /usr/bin/apertium-gen-deformat
file: /usr/bin/apertium-gen-reformat
file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
file: /usr/share/freeradius-dialupadmin/bin/tot_stats
file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
file: /var/lib/wims/public_html/bin/coqweb
file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
file: /usr/share/bulmages/examples/scripts/actualizabulmacont
file: /usr/share/bulmages/examples/scripts/installbulmages-db
file: /usr/share/bulmages/examples/scripts/creabulmafact
file: /usr/share/bulmages/examples/scripts/creabulmacont
file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
file: /usr/lib/xastir/get-maptools.sh
file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
file: /usr/bin/plaiter
file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman.
Acknowledgement sent to Steve Langasek <vorlon@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>.
Message #10 received at 496410@bugs.debian.org:
severity 496410 important
thanks
On Sun, Aug 24, 2008 at 10:05:29PM +0400, Dmitry E. Oboukhov wrote:
> Package: cman
> Severity: grave
> Binary-package: cman (2.20080629-1)
> file: /usr/sbin/fence_egenera
The broken usage is:
local *egen_log;
open(egen_log,">/tmp/eglog");
[...]
print egen_log "shutdown: $trys $status\n";
[...]
print egen_log "shutdown: crash dump being performed. Waiting\n";
[...]
print egen_log "shutdown: $cmd being called, before open3\n";
[...]
print egen_log "shutdown: after calling open3\n";
[...]
print egen_log "shutdown: Open3 result: ", @outlines, "\n";
[...]
print egen_log "shutdown: Returning from pserver_shutdown with return code $rtrn\n";
This is, of course, wrong, and subject to symlink attack. However, I don't
see any way that this can be exploitable for privilege escalation, which is
the standard for 'grave' severity security bugs: it doesn't allow arbitrary
output to the file, only a finite set of strings which are not valid shell,
cron entries, password/shadow entries, or any other config file that I know
of.
So at best this appears to be a DoS symlink attack; therefore downgrading.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
Severity set to `important' from `grave'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sun, 24 Aug 2008 20:18:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman.
Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>.
Message #17 received at 496410@bugs.debian.org:
tags 496410 security
thanks
On 13:15 Sun 24 Aug, Steve Langasek wrote:
SL> severity 496410 important
SL> thanks
You are mistaken :)
Your script lives in /usr/sbin, i.e. it runs with root privileges.
If I create the symlink /etc/shadow -> /tmp/eglog and you start this script,
then your system will be damaged.
Please check it again :) (and please revert the severity level)
SL> On Sun, Aug 24, 2008 at 10:05:29PM +0400, Dmitry E. Oboukhov wrote:
SL>> Package: cman
SL>> Severity: grave
SL>> Binary-package: cman (2.20080629-1)
SL>> file: /usr/sbin/fence_egenera
SL> The broken usage is:
SL> local *egen_log;
SL> open(egen_log,">/tmp/eglog");
SL> [...]
SL> print egen_log "shutdown: $trys $status\n";
SL> [...]
SL> print egen_log "shutdown: crash dump being performed. Waiting\n";
SL> [...]
SL> print egen_log "shutdown: $cmd being called, before open3\n";
SL> [...]
SL> print egen_log "shutdown: after calling open3\n";
SL> [...]
SL> print egen_log "shutdown: Open3 result: ", @outlines, "\n";
SL> [...]
SL> print egen_log "shutdown: Returning from pserver_shutdown with return code $rtrn\n";
SL> This is, of course, wrong, and subject to symlink attack. However, I don't
SL> see any way that this can be exploitable for privilege escalation, which is
SL> the standard for 'grave' severity security bugs: it doesn't allow arbitrary
SL> output to the file, only a finite set of strings which are not valid shell,
SL> cron entries, password/shadow entries, or any other config file that I know
SL> of.
SL> So at best this appears to be a DoS symlink attack; therefore downgrading.
--
. ''`. Dmitry E. Oboukhov
: :’ : unera@debian.org
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman.
Acknowledgement sent to Steve Langasek <vorlon@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>.
Message #22 received at 496410@bugs.debian.org:
On Mon, Aug 25, 2008 at 10:40:31AM +0400, Dmitry E. Oboukhov wrote:
> On 13:15 Sun 24 Aug , Steve Langasek wrote:
> SL> severity 496410 important
> SL> thanks
> You are mistake :)
> Your script places in /usr/sbin, ie it runs with root privs.
> If I create symlink /etc/shadow -> /tmp/eglog and You start this script,
> then your system 'll damaged.
The standard for grave-severity security bugs in Debian is "can be used by
an attacker to gain control of an account of a user who uses this package",
not "can be used by an attacker to create a Denial of Service by breaking
the system". Writing this garbage to /etc/shadow will not result in
privilege escalation, it will only result in a broken system; therefore, it
is my understanding that this is not a grave bug.
So I don't think I've made a mistake here.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
Tags added:
Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:45 GMT)
Tags added: security
Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:35 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman.
Acknowledgement sent to "Dmitry E. Oboukhov" <unera@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>.
Message #31 received at 496410@bugs.debian.org:
severity 496410 grave
thanks
SL> So I don't think I've made a mistake here.
You are mistaken, see
http://www.debian.org/Bugs/Developer.en.html#severities
quote:
grave
makes the package in question unusable or mostly so, or causes data
loss, or introduces a security hole allowing access to the accounts
of users who use the package.
_or_ _causes_ _data_ _loss_
Create the symlink /etc/shadow -> /tmp/eglog and you lose the
data of /etc/shadow :)
--
... mpd is off
. ''`. Dmitry E. Oboukhov
: :’ : mailto://unera@debian.org jabber://UNera@uvw.ru
`. `~’ GPGKey: 1024D / F8E26537 2006-11-21
`- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Severity set to `grave' from `important'. Request was from "Dmitry E. Oboukhov" <unera@debian.org> to control@bugs.debian.org. (Wed, 27 Aug 2008 15:15:07 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman.
Acknowledgement sent to Bastian Blank <waldi@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>.
Message #38 received at 496410@bugs.debian.org:
severity 496410 important
thanks
On Wed, Aug 27, 2008 at 07:12:29PM +0400, Dmitry E. Oboukhov wrote:
> _or_ _causes_ _data_ _loss_
It does not cause data loss, the admin needs to execute it. And now stop
bitching around.
Bastian
--
Superior ability breeds superior ambition.
-- Spock, "Space Seed", stardate 3141.9
Severity set to `important' from `grave'. Request was from Bastian Blank <waldi@debian.org> to control@bugs.debian.org. (Wed, 27 Aug 2008 15:30:04 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Sat, 11 Oct 2008 11:57:02 GMT)
Acknowledgement sent to Tobias Klauser <tklauser@distanz.ch>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Sat, 11 Oct 2008 11:57:02 GMT)
Message #45 received at 496410@bugs.debian.org:
Hi,
It looks like there are some more tempfile creation problems in the
redhat-cluster source package.
1) In rgmanager/src/daemons/main.c (line 707):
void
dump_internal_state(char *loc)
{
FILE *fp;
fp=fopen(loc, "w+");
dump_config_version(fp);
dump_threads(fp);
dump_vf_states(fp);
#ifdef WRAP_THREADS
dump_thread_states(fp);
#endif
dump_cluster_ctx(fp);
//malloc_dump_table(fp, 1, 16384); /* Only works if alloc.c us used */
fclose(fp);
}
...
dump_internal_state("/tmp/rgmanager-dump");
This file is part of the binary clurgmgrd (package rgmanager) which is run as
root.
2) In gfs2/edit/savemeta.c (line 27):
#define DFT_SAVE_FILE "/tmp/gfsmeta"
...
if (!out_fn)
out_fn = DFT_SAVE_FILE;
out_fd = open(out_fn, O_RDWR | O_CREAT, 0644);
if (out_fd < 0)
die("Can't open %s: %s\n", out_fn, strerror(errno));
if (ftruncate(out_fd, 0))
die("Can't truncate %s: %s\n", out_fn, strerror(errno));
This file is part of the binary gfs2_edit (package gfs2-tools) which is run as
root.
3) In ccs/ccs_tool/upgrade.c (line 223):
sprintf(tmp_file, "/tmp/tmp_%d", getpid());
tmp_fd = open(tmp_file, O_RDWR | O_CREAT |O_TRUNC, S_IRUSR|S_IWUSR);
...
unlink(tmp_file);
The filename depends only on the PID of the process. However, the binary
ccs_tool does not seem to be part of any package built from the redhat-cluster
source package.
Cheers, Tobias
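An added example, not code from this bug report or from the redhat-cluster package: the hardened open pattern for the fixed-name temp files discussed on this page (/tmp/eglog, /tmp/rgmanager-dump, /tmp/gfsmeta) and the mkstemp() replacement for the PID-suffixed /tmp/tmp_%d name, with a self-check that plants a symlink in a private directory and confirms the open refuses it. The directory, the file names "victim", "eglog" and "dump.XXXXXX", and the file contents are all constructed for the check.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened replacement for fopen("/tmp/...", "w+") and open(..., O_CREAT):
 * O_CREAT|O_EXCL creates atomically and fails with EEXIST when anything,
 * a pre-planted symlink included, already occupies the name; O_NOFOLLOW
 * additionally refuses to traverse a symlink at the final component and
 * mode 0600 keeps the dump private.  Returns an fd, or -1 with errno set. */
int open_fixed_nofollow(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Replacement for sprintf(tmp, "/tmp/tmp_%d", getpid()): mkstemp() picks an
 * unpredictable suffix and creates with O_EXCL and mode 0600.  tmpl must end
 * in "XXXXXX" and is overwritten with the chosen name. */
int open_unpredictable_tmp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Self-check in a private mkdtemp() directory (every file here is constructed):
 * plant a symlink named "eglog" at a stand-in "victim" file, then verify the
 * hardened open refuses it, the victim is untouched, the name works once the
 * link is gone, and mkstemp() yields a fresh file.  Returns 0 on success or
 * the number of the first failing stage. */
int run_symlink_check(void)
{
    char dir[] = "/tmp/symlinkchk.XXXXXX";
    char victim[PATH_MAX], logp[PATH_MAX], tmpl[PATH_MAX], buf[16] = {0};
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/eglog", dir);
    snprintf(tmpl, sizeof tmpl, "%s/dump.XXXXXX", dir);

    /* stand-in for the file an attacker wants clobbered */
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep\n", 5) != 5)
        rc = 2;
    if (fd >= 0)
        close(fd);

    /* the link an unprivileged user could leave in a world-writable /tmp */
    if (rc == 0 && symlink(victim, logp) != 0)
        rc = 3;

    if (rc == 0) {
        fd = open_fixed_nofollow(logp);
        if (fd >= 0) {            /* must never succeed through a link */
            close(fd);
            rc = 4;
        } else if (errno != EEXIST) {
            rc = 5;               /* O_EXCL is what rejects the planted name */
        }
    }

    if (rc == 0) {                /* victim content must be intact */
        fd = open(victim, O_RDONLY);
        if (fd < 0 || read(fd, buf, sizeof buf - 1) != 5 || strcmp(buf, "keep\n"))
            rc = 6;
        if (fd >= 0)
            close(fd);
    }

    if (rc == 0 && unlink(logp) != 0)   /* hostile name gone: creation works */
        rc = 7;
    if (rc == 0) {
        fd = open_fixed_nofollow(logp);
        if (fd < 0 || write(fd, "shutdown: ok\n", 13) != 13)
            rc = 7;
        if (fd >= 0)
            close(fd);
    }

    if (rc == 0 && (fd = open_unpredictable_tmp(tmpl)) < 0)
        rc = 8;
    else if (rc == 0) {
        close(fd);
        unlink(tmpl);
    }

    unlink(logp);
    unlink(victim);
    rmdir(dir);
    return rc;
}
```

Call run_symlink_check() from main(); it returns 0 only when every stage passes, so it can double as a regression test for a tmpfile fix.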
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Fri, 17 Oct 2008 12:33:03 GMT)
Acknowledgement sent to Nico Golde <nion@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Fri, 17 Oct 2008 12:33:03 GMT)
Message #50 received at 496410@bugs.debian.org:
Hi,
the following two additional CVE ids have been assigned to
symlink issues in cman & redhat-cluster:
CVE-2008-4579[0]:
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a)
| fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode,
| allows local users to append to arbitrary files via a symlink attack
| on the apclog temporary file.
CVE-2008-4580[1]:
| fence_manual in fence allows local users to modify arbitrary files via
| a symlink attack on the fence_manual.fifo temporary file.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4579
http://security-tracker.debian.net/tracker/CVE-2008-4579
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4580
http://security-tracker.debian.net/tracker/CVE-2008-4580
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Tags added: pending. Request was from Frederik Schüler <fs@alioth.debian.org> to control@bugs.debian.org. (Mon, 03 Nov 2008 12:24:11 GMT)
Reply sent to Frederik Schüler <fs@debian.org>: You have taken responsibility. (Mon, 03 Nov 2008 18:21:02 GMT)
Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>: Bug acknowledged by developer. (Mon, 03 Nov 2008 18:21:03 GMT)
Message #57 received at 496410-close@bugs.debian.org:
Source: redhat-cluster
Source-Version: 2.20081102-1
We believe that the bug you reported is fixed in the latest version of
redhat-cluster, which is due to be installed in the Debian FTP archive:
cman_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/cman_2.20081102-1_amd64.deb
gfs-tools_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/gfs-tools_2.20081102-1_amd64.deb
gfs2-tools_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/gfs2-tools_2.20081102-1_amd64.deb
gnbd-client_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/gnbd-client_2.20081102-1_amd64.deb
gnbd-server_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/gnbd-server_2.20081102-1_amd64.deb
libcman-dev_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/libcman-dev_2.20081102-1_amd64.deb
libcman2_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/libcman2_2.20081102-1_amd64.deb
libdlm-dev_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/libdlm-dev_2.20081102-1_amd64.deb
libdlm2_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/libdlm2_2.20081102-1_amd64.deb
redhat-cluster-source_2.20081102-1_all.deb
to pool/main/r/redhat-cluster/redhat-cluster-source_2.20081102-1_all.deb
redhat-cluster-suite_2.20081102-1_all.deb
to pool/main/r/redhat-cluster/redhat-cluster-suite_2.20081102-1_all.deb
redhat-cluster_2.20081102-1.diff.gz
to pool/main/r/redhat-cluster/redhat-cluster_2.20081102-1.diff.gz
redhat-cluster_2.20081102-1.dsc
to pool/main/r/redhat-cluster/redhat-cluster_2.20081102-1.dsc
redhat-cluster_2.20081102.orig.tar.gz
to pool/main/r/redhat-cluster/redhat-cluster_2.20081102.orig.tar.gz
rgmanager_2.20081102-1_amd64.deb
to pool/main/r/redhat-cluster/rgmanager_2.20081102-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 496410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederik Schüler <fs@debian.org> (supplier of updated redhat-cluster package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 03 Nov 2008 18:16:49 +0100
Source: redhat-cluster
Binary: redhat-cluster-suite cman libcman2 libcman-dev libdlm2 libdlm-dev gfs-tools gfs2-tools gnbd-client gnbd-server rgmanager redhat-cluster-source
Architecture: source amd64 all
Version: 2.20081102-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Frederik Schüler <fs@debian.org>
Description:
cman - Red Hat cluster suite - cluster manager
gfs-tools - Red Hat cluster suite - global file system tools
gfs2-tools - Red Hat cluster suite - global file system 2 tools
gnbd-client - Red Hat cluster suite - global network block device client tools
gnbd-server - Red Hat cluster suite - global network block device server tools
libcman-dev - Red Hat cluster suite - cluster manager development files
libcman2 - Red Hat cluster suite - cluster manager libraries
libdlm-dev - Red Hat cluster suite - distributed lock manager development file
libdlm2 - Red Hat cluster suite - distributed lock manager library
redhat-cluster-source - Red Hat cluster suite - kernel modules source
redhat-cluster-suite - Red Hat cluster suite - metapackage
rgmanager - Red Hat cluster suite - clustered resource group manager
Closes: 496410 503610
Changes:
redhat-cluster (2.20081102-1) unstable; urgency=medium
.
* New upstream release version 2.03.09.
- Upstream code audit fixes several tmpfile race conditions, among
them CVE-2008-4579 and CVE-2008-4580. (Closes: #496410)
- Drop 01_qdisk-uninitialized.dpatch and 02_gfs-kernel-fix.dpatch:
merged upstream.
* Add Swedish debconf translation, thanks to Martin Bagge.
(Closes: #503610)
* Cman: add sg3-utils dependency for scsi_reserve support.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Tue, 18 Nov 2008 19:42:06 GMT)
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Tue, 18 Nov 2008 19:42:06 GMT)
Message #62 received at 496410@bugs.debian.org:
The new upstream version that fixes this bug introduces a lot of other
changes and doesn't seem acceptable for lenny.
Is anyone working on backporting the fix for a t-p-u upload? I can
probably do it later this week but I don't want to duplicate work.
Cheers,
Stefan
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Fri, 28 Nov 2008 22:57:04 GMT)
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Fri, 28 Nov 2008 22:57:04 GMT)
Message #67 received at 496410@bugs.debian.org:
Hi,
please accept redhat-cluster 2.20080801-4+lenny1 which I have just
uploaded to testing-proposed-updates:
* Fix several tmpfile race conditions, among them CVE-2008-4192 and
CVE-2008-4579. (Closes: #496410)
Cheers,
Stefan
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Fri, 28 Nov 2008 23:27:29 GMT)
Acknowledgement sent to Bastian Blank <waldi@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Fri, 28 Nov 2008 23:27:29 GMT)
Message #72 received at 496410@bugs.debian.org:
On Fri, Nov 28, 2008 at 11:53:45PM +0100, Stefan Fritsch wrote:
> please accept redhat-cluster 2.20080801-4+lenny1 which I have just
> uploaded to testing-proposed-updates:
Where is the patch? Do I have to remind you about the NMU procedures?
Bastian
--
Deflector shields just came on, Captain.
Reply sent to Stefan Fritsch <sf@debian.org>: You have taken responsibility. (Fri, 28 Nov 2008 23:27:31 GMT)
Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>: Bug acknowledged by developer. (Fri, 28 Nov 2008 23:27:32 GMT)
Message #77 received at 496410-close@bugs.debian.org:
Source: redhat-cluster
Source-Version: 2.20080801-4+lenny1
We believe that the bug you reported is fixed in the latest version of
redhat-cluster, which is due to be installed in the Debian FTP archive:
cman_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/cman_2.20080801-4+lenny1_i386.deb
gfs-tools_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/gfs-tools_2.20080801-4+lenny1_i386.deb
gfs2-tools_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/gfs2-tools_2.20080801-4+lenny1_i386.deb
gnbd-client_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/gnbd-client_2.20080801-4+lenny1_i386.deb
gnbd-server_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/gnbd-server_2.20080801-4+lenny1_i386.deb
libcman-dev_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/libcman-dev_2.20080801-4+lenny1_i386.deb
libcman2_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/libcman2_2.20080801-4+lenny1_i386.deb
libdlm-dev_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/libdlm-dev_2.20080801-4+lenny1_i386.deb
libdlm2_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/libdlm2_2.20080801-4+lenny1_i386.deb
redhat-cluster-source_2.20080801-4+lenny1_all.deb
to pool/main/r/redhat-cluster/redhat-cluster-source_2.20080801-4+lenny1_all.deb
redhat-cluster-suite_2.20080801-4+lenny1_all.deb
to pool/main/r/redhat-cluster/redhat-cluster-suite_2.20080801-4+lenny1_all.deb
redhat-cluster_2.20080801-4+lenny1.diff.gz
to pool/main/r/redhat-cluster/redhat-cluster_2.20080801-4+lenny1.diff.gz
redhat-cluster_2.20080801-4+lenny1.dsc
to pool/main/r/redhat-cluster/redhat-cluster_2.20080801-4+lenny1.dsc
rgmanager_2.20080801-4+lenny1_i386.deb
to pool/main/r/redhat-cluster/rgmanager_2.20080801-4+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 496410@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated redhat-cluster package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Fri, 28 Nov 2008 19:15:39 +0100
Source: redhat-cluster
Binary: redhat-cluster-suite cman libcman2 libcman-dev libdlm2 libdlm-dev gfs-tools gfs2-tools gnbd-client gnbd-server rgmanager redhat-cluster-source
Architecture: source i386 all
Version: 2.20080801-4+lenny1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
cman - Red Hat cluster suite - cluster manager
gfs-tools - Red Hat cluster suite - global file system tools
gfs2-tools - Red Hat cluster suite - global file system 2 tools
gnbd-client - Red Hat cluster suite - global network block device client tools
gnbd-server - Red Hat cluster suite - global network block device server tools
libcman-dev - Red Hat cluster suite - cluster manager development files
libcman2 - Red Hat cluster suite - cluster manager libraries
libdlm-dev - Red Hat cluster suite - distributed lock manager development file
libdlm2 - Red Hat cluster suite - distributed lock manager library
redhat-cluster-source - Red Hat cluster suite - kernel modules source
redhat-cluster-suite - Red Hat cluster suite - metapackage
rgmanager - Red Hat cluster suite - clustered resource group manager
Closes: 496410
Changes:
redhat-cluster (2.20080801-4+lenny1) testing-proposed-updates; urgency=low
.
* Non-maintainer upload by the security team.
* Fix several tmpfile race conditions, among them CVE-2008-4192 and
CVE-2008-4579. (Closes: #496410)
Checksums-Sha1:
Checksums-Sha256:
Files:
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Fri, 28 Nov 2008 23:51:02 GMT)
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Fri, 28 Nov 2008 23:51:02 GMT)
Message #82 received at 496410@bugs.debian.org:
here is the patch
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Fri, 28 Nov 2008 23:51:03 GMT)
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Fri, 28 Nov 2008 23:51:04 GMT)
Message #87 received at 496410@bugs.debian.org:
> here is the patch
Oops. Second try.
[patch (text/plain, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>: Bug#496410; Package cman. (Sun, 07 Dec 2008 18:18:02 GMT)
Acknowledgement sent to Luk Claes <luk@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Sun, 07 Dec 2008 18:18:02 GMT)
Message #92 received at 496410@bugs.debian.org:
Stefan Fritsch wrote:
> Hi,
>
> please accept redhat-cluster 2.20080801-4+lenny1 which I have just
> uploaded to testing-proposed-updates:
>
> * Fix several tmpfile race conditions, among them CVE-2008-4192 and
> CVE-2008-4579. (Closes: #496410)
approved
cheers
Luk
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 06 Jan 2009 07:27:01 GMT)
Last modified: Wed Jun 19 15:46:20 2019