Multiple DoS issues

Debian Bug report logs - #551918
Multiple DoS issues

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Multiple DoS issues

Date: Wed, 21 Oct 2009 21:34:25 +0200

Package: systemtap
Severity: grave
Tags: security

Three denial of service issues were found in SystemTap. Lenny is
not affected. Please see 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2911 for
the verbose explanation by Red Hat's Jan Lieskovsky:

Patches are available here:
https://bugzilla.redhat.com/attachment.cgi?id=365293 (SystemTap-1.0-limit-printf-arguments.patch)
https://bugzilla.redhat.com/attachment.cgi?id=365294 (SystemTap-1.0-limit-dwarf-expression-stack-size.patch)
https://bugzilla.redhat.com/attachment.cgi?id=365413 (SystemTap-1.0-unwind-table-size-checks.patch)

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages systemtap depends on:
ii  libc6                         2.9-27     GNU C Library: Shared libraries
ii  libelf1                       0.143-1    library to read and write ELF file
ii  libgcc1                       1:4.4.1-6  GCC support library
ii  libsqlite3-0                  3.6.18-1   SQLite 3 shared library
ii  libstdc++6                    4.4.1-6    The GNU Standard C++ Library v3
pn  systemtap-runtime             <none>     (no description available)

systemtap recommends no packages.

Versions of packages systemtap suggests:
pn  systemtap-doc                 <none>     (no description available)
pn  vim-addon-manager             <none>     (no description available)

Message #12 received at 551918-close@bugs.debian.org (full text, mbox, reply):

From: Євгеній Мещеряков <eugen@debian.org>

To: 551918-close@bugs.debian.org

Subject: Bug#551918: fixed in systemtap 1.0-2

Date: Thu, 22 Oct 2009 13:32:18 +0000

Source: systemtap
Source-Version: 1.0-2

We believe that the bug you reported is fixed in the latest version of
systemtap, which is due to be installed in the Debian FTP archive:

systemtap-client_1.0-2_amd64.deb
  to pool/main/s/systemtap/systemtap-client_1.0-2_amd64.deb
systemtap-doc_1.0-2_all.deb
  to pool/main/s/systemtap/systemtap-doc_1.0-2_all.deb
systemtap-grapher_1.0-2_amd64.deb
  to pool/main/s/systemtap/systemtap-grapher_1.0-2_amd64.deb
systemtap-runtime_1.0-2_amd64.deb
  to pool/main/s/systemtap/systemtap-runtime_1.0-2_amd64.deb
systemtap-sdt-dev_1.0-2_all.deb
  to pool/main/s/systemtap/systemtap-sdt-dev_1.0-2_all.deb
systemtap-server_1.0-2_amd64.deb
  to pool/main/s/systemtap/systemtap-server_1.0-2_amd64.deb
systemtap_1.0-2.diff.gz
  to pool/main/s/systemtap/systemtap_1.0-2.diff.gz
systemtap_1.0-2.dsc
  to pool/main/s/systemtap/systemtap_1.0-2.dsc
systemtap_1.0-2_amd64.deb
  to pool/main/s/systemtap/systemtap_1.0-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 551918@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Євгеній Мещеряков <eugen@debian.org> (supplier of updated systemtap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 21 Oct 2009 22:05:22 +0200
Source: systemtap
Binary: systemtap systemtap-runtime systemtap-doc systemtap-server systemtap-client systemtap-sdt-dev systemtap-grapher
Architecture: source amd64 all
Version: 1.0-2
Distribution: unstable
Urgency: high
Maintainer: Євгеній Мещеряков <eugen@debian.org>
Changed-By: Євгеній Мещеряков <eugen@debian.org>
Description: 
 systemtap  - instrumentation system for Linux 2.6
 systemtap-client - instrumentation system for Linux 2.6 (client for compile server)
 systemtap-doc - documentation and examples for SystemTap
 systemtap-grapher - instrumentation system for Linux 2.6 (grapher)
 systemtap-runtime - instrumentation system for Linux 2.6 (runtime component)
 systemtap-sdt-dev - statically defined probes development files
 systemtap-server - instrumentation system for Linux 2.6 (compile server)
Closes: 551918
Changes: 
 systemtap (1.0-2) unstable; urgency=high
 .
   * Fix multiple DoS issues (CVE-2009-2911), thanks to Moritz Muehlenhoff
     fo reporting. Urgency is high because of security bug.
     (closes: 551918)
   * New patches (stolen from RedHat's bugzilla):
     - SystemTap-1.0-limit-printf-arguments.patch
     - SystemTap-1.0-limit-dwarf-expression-stack-size.patch
     - SystemTap-1.0-unwind-table-size-checks.patch
Checksums-Sha1: 
 c177285e18dbd5ebaf03c68a5a7331e855d0495c 1671 systemtap_1.0-2.dsc
 1de80f1a9a2c66c11e2f3d931865569d3565c5db 24676 systemtap_1.0-2.diff.gz
 00c871b4e910560ebd43cad618544fbfbb6e6c38 939592 systemtap_1.0-2_amd64.deb
 409311d2626ac31f762ff96aa39e71f2aa26d152 54020 systemtap-runtime_1.0-2_amd64.deb
 cb61a02f39ca5801ef5c50b13e885150f5d9a35b 647020 systemtap-doc_1.0-2_all.deb
 0adbcc2a40d2280d799bdf27ec96c14bb78474d9 38176 systemtap-server_1.0-2_amd64.deb
 f2049a8376524604464ef6cff8dc5573f71df665 32834 systemtap-client_1.0-2_amd64.deb
 2ac0e23ef0a70c090f337567ff9ac05bfab06396 18588 systemtap-sdt-dev_1.0-2_all.deb
 a1808ae74485ff7485d0794da2dbf0b9ffd8b3fe 55744 systemtap-grapher_1.0-2_amd64.deb
Checksums-Sha256: 
 1d91e8a42d446976565520cf66b814661cfcab1f8bfe12666957e3da9224a7b7 1671 systemtap_1.0-2.dsc
 90094b3f185d36759f2e224e9de6cbde113e13dadc26868b45c18238844d84bd 24676 systemtap_1.0-2.diff.gz
 1fae8b85d9107d13aafa2c6e98b45358f0a9aff268c3555ef1a975d0d1d6e9e2 939592 systemtap_1.0-2_amd64.deb
 cd25248996da04e02534e9b4885abb663184567c16bf2a692324cbc027ceb250 54020 systemtap-runtime_1.0-2_amd64.deb
 d82049bced0c3bac0eeb0a36a2113b4628c676b54db6d18a3bd632f114eaad47 647020 systemtap-doc_1.0-2_all.deb
 cec9eecd37ef98fc5cb40a02472ed367697b400b1acf99a6b87389ed0981c329 38176 systemtap-server_1.0-2_amd64.deb
 33bb17c3f99623db140559bc2255b8e7da0ff5d940c746d0a005b0094212bbd6 32834 systemtap-client_1.0-2_amd64.deb
 5abb2a3365c1bdb7c399897c9ea2cac0c156d45e32d1d7478d022b3d4533e9a2 18588 systemtap-sdt-dev_1.0-2_all.deb
 1a3aa78a1be11cc63ed09119595d4c62764cd2269becd1f7110de8062656ecba 55744 systemtap-grapher_1.0-2_amd64.deb
Files: 
 edcf6dc2ef7a8e93324604b22fbd6181 1671 devel optional systemtap_1.0-2.dsc
 bd8484919627cd7b634fcfaa0ea591e3 24676 devel optional systemtap_1.0-2.diff.gz
 fe07d11bb25dae0dea0375461e1f5823 939592 devel optional systemtap_1.0-2_amd64.deb
 8bdf9f04fa6a5a53f4ea49aa2b4fa737 54020 devel optional systemtap-runtime_1.0-2_amd64.deb
 635483b29972e8c172da37ff86436892 647020 doc optional systemtap-doc_1.0-2_all.deb
 9b17bf79a621026781a59a8e68528b20 38176 devel optional systemtap-server_1.0-2_amd64.deb
 c57e8bfb192018e9d4986e4008f21fc6 32834 devel optional systemtap-client_1.0-2_amd64.deb
 da35d86d879516771ee90c09a26f155e 18588 devel optional systemtap-sdt-dev_1.0-2_all.deb
 1cbae32457db5ad2fdbbe739c769c4cd 55744 devel optional systemtap-grapher_1.0-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrgVZ8ACgkQKaC6+zmozOKGLACfaGVfJM43S4pEL42qgl9wO8O+
8Z4Anizofnmd5jI/3YlIH9pIaH8vlR+X
=Gp4W
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.