Debian Bug report logs - #551918
Multiple DoS issues
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 21 Oct 2009 19:39:02 UTC
Severity: grave
Tags: security
Fixed in version systemtap/1.0-2
Done: Євгеній Мещеряков <eugen@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Євгеній Мещеряков <eugen@debian.org>: Bug#551918; Package systemtap. (Wed, 21 Oct 2009 19:39:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Євгеній Мещеряков <eugen@debian.org>. (Wed, 21 Oct 2009 19:39:05 GMT)
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: systemtap
Severity: grave
Tags: security
Three denial of service issues were found in SystemTap. Lenny is
not affected. Please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2911 for
the verbose explanation by Red Hat's Jan Lieskovsky:
Patches are available here:
https://bugzilla.redhat.com/attachment.cgi?id=365293 (SystemTap-1.0-limit-printf-arguments.patch)
https://bugzilla.redhat.com/attachment.cgi?id=365294 (SystemTap-1.0-limit-dwarf-expression-stack-size.patch)
https://bugzilla.redhat.com/attachment.cgi?id=365413 (SystemTap-1.0-unwind-table-size-checks.patch)
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages systemtap depends on:
ii libc6 2.9-27 GNU C Library: Shared libraries
ii libelf1 0.143-1 library to read and write ELF file
ii libgcc1 1:4.4.1-6 GCC support library
ii libsqlite3-0 3.6.18-1 SQLite 3 shared library
ii libstdc++6 4.4.1-6 The GNU Standard C++ Library v3
pn systemtap-runtime <none> (no description available)
systemtap recommends no packages.
Versions of packages systemtap suggests:
pn systemtap-doc <none> (no description available)
pn vim-addon-manager <none> (no description available)
Added tag(s) pending. Request was from Євгеній Мещеряков <eugen@debian.org> to control@bugs.debian.org. (Wed, 21 Oct 2009 20:24:06 GMT)
Reply sent to Євгеній Мещеряков <eugen@debian.org>: You have taken responsibility. (Thu, 22 Oct 2009 14:45:05 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Thu, 22 Oct 2009 14:45:05 GMT)
Message #12 received at 551918-close@bugs.debian.org (full text, mbox, reply):
Source: systemtap
Source-Version: 1.0-2
We believe that the bug you reported is fixed in the latest version of
systemtap, which is due to be installed in the Debian FTP archive:
systemtap-client_1.0-2_amd64.deb
to pool/main/s/systemtap/systemtap-client_1.0-2_amd64.deb
systemtap-doc_1.0-2_all.deb
to pool/main/s/systemtap/systemtap-doc_1.0-2_all.deb
systemtap-grapher_1.0-2_amd64.deb
to pool/main/s/systemtap/systemtap-grapher_1.0-2_amd64.deb
systemtap-runtime_1.0-2_amd64.deb
to pool/main/s/systemtap/systemtap-runtime_1.0-2_amd64.deb
systemtap-sdt-dev_1.0-2_all.deb
to pool/main/s/systemtap/systemtap-sdt-dev_1.0-2_all.deb
systemtap-server_1.0-2_amd64.deb
to pool/main/s/systemtap/systemtap-server_1.0-2_amd64.deb
systemtap_1.0-2.diff.gz
to pool/main/s/systemtap/systemtap_1.0-2.diff.gz
systemtap_1.0-2.dsc
to pool/main/s/systemtap/systemtap_1.0-2.dsc
systemtap_1.0-2_amd64.deb
to pool/main/s/systemtap/systemtap_1.0-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 551918@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Євгеній Мещеряков <eugen@debian.org> (supplier of updated systemtap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 21 Oct 2009 22:05:22 +0200
Source: systemtap
Binary: systemtap systemtap-runtime systemtap-doc systemtap-server systemtap-client systemtap-sdt-dev systemtap-grapher
Architecture: source amd64 all
Version: 1.0-2
Distribution: unstable
Urgency: high
Maintainer: Євгеній Мещеряков <eugen@debian.org>
Changed-By: Євгеній Мещеряков <eugen@debian.org>
Description:
systemtap - instrumentation system for Linux 2.6
systemtap-client - instrumentation system for Linux 2.6 (client for compile server)
systemtap-doc - documentation and examples for SystemTap
systemtap-grapher - instrumentation system for Linux 2.6 (grapher)
systemtap-runtime - instrumentation system for Linux 2.6 (runtime component)
systemtap-sdt-dev - statically defined probes development files
systemtap-server - instrumentation system for Linux 2.6 (compile server)
Closes: 551918
Changes:
systemtap (1.0-2) unstable; urgency=high
.
* Fix multiple DoS issues (CVE-2009-2911), thanks to Moritz Muehlenhoff
for reporting. Urgency is high because of security bug.
(closes: 551918)
* New patches (stolen from RedHat's bugzilla):
- SystemTap-1.0-limit-printf-arguments.patch
- SystemTap-1.0-limit-dwarf-expression-stack-size.patch
- SystemTap-1.0-unwind-table-size-checks.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrgVZ8ACgkQKaC6+zmozOKGLACfaGVfJM43S4pEL42qgl9wO8O+
8Z4Anizofnmd5jI/3YlIH9pIaH8vlR+X
=Gp4W
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 30 Nov 2009 07:31:08 GMT)
Last modified:
Wed Jun 19 19:11:51 2019;