Hello community,

here is the log from the commit of package opie for openSUSE:11.4
checked in at Tue Jun 28 16:26:14 CEST 2011.

Patchinfo file has no description


--------
--- old-versions/11.4/all/opie/opie.changes     2010-10-31 19:04:12.000000000 
+0100
+++ 11.4/opie/opie.changes      2011-06-28 15:38:57.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Jun 27 16:51:42 CEST 2011 - [email protected]
+
+- Fixed 2 singlebyte overflows in opiesu (bnc#698772 CVE-2011-2489)
+- Fixed missing setuid() return check in opielogin (bnc#698772 CVE-2011-2490)
+- actually run the permission hooks
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/opie
Destination is old-versions/11.4/UPDATES/all/opie
calling whatdependson for 11.4-i586


New:
----
  opielogin-setuid-CVE-2011-2490.patch
  opiesu-overflow-CVE-2011-2489.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ opie.spec ++++++
--- /var/tmp/diff_new_pack.jDYipQ/_old  2011-06-28 16:24:37.000000000 +0200
+++ /var/tmp/diff_new_pack.jDYipQ/_new  2011-06-28 16:24:37.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package opie (Version 2.4)
+# spec file for package opie
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
 BuildRequires:  bison pam-devel
 Url:            http://www.inner.net/opie
 Version:        2.4
-Release:        708
+Release:        711.<RELEASE712>
 License:        GPLv2+
 Group:          Productivity/Security
 Provides:       pam_opie
@@ -47,6 +47,9 @@
 Patch12:        %{name_pam}-%{version_pam}_array-subscript.patch
 Patch13:        %name-2.4-getline.patch
 Patch14:        %name-2.4-fclose.patch
+Patch15:        opielogin-setuid-CVE-2011-2490.patch
+Patch16:        opiesu-overflow-CVE-2011-2489.patch
+Requires:       permissions
 Summary:        Support for One-Time Passwords
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -81,6 +84,8 @@
 cd ..
 %patch13
 %patch14
+%patch15
+%patch16
 
 %build
 # build opie
@@ -108,6 +113,13 @@
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf 
$RPM_BUILD_ROOT
 
+%verifyscript
+%verify_permissions -e /usr/bin/opiepasswd -e /usr/bin/opiesu
+%verify_permissions -e /usr/bin/opiesu
+
+%post
+%run_permissions
+
 %files
 %defattr(-,root,root)
 %dir /etc/opielocks
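Review bot: The second `%verify_permissions -e /usr/bin/opiesu` line repeats a path that the line above it already verifies, so it can be dropped (or, if a different binary was meant, replaced with that path). Separately, `%post` now calls `%run_permissions`, but the dependency added earlier in this spec diff is a plain `Requires: permissions`, which does not guarantee the package is installed before the scriptlet runs. `PreReq: permissions` (or `Requires(post): permissions`) is the usual form for a scriptlet dependency.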

++++++ opielogin-setuid-CVE-2011-2490.patch ++++++
--- opielogin.c.xx      2011-06-27 16:46:10.000000000 +0200
+++ opielogin.c 2011-06-27 16:48:05.000000000 +0200
@@ -1309,7 +1309,11 @@
   fflush(stderr);
 #endif /* PERMSFILE */
 
-  setuid(thisuser.pw_uid);
+  if (setuid(thisuser.pw_uid) < 0) {
+    syslog(LOG_ERR, "setuid() failed with %m. Attack attempt on tty %s, name 
%s", tty, name);
+    exit(1);
+  }
+
 
   /* destroy environment unless user has asked to preserve it */
   if (!pflag)
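Review bot: The new check covers only `setuid(thisuser.pw_uid)`; any `setgid()` or `initgroups()` calls made before it lie outside this hunk and should be confirmed to have their return values checked too, since a partial privilege drop leaves the session with more rights than intended. The log text also calls every failure an attack, while setuid() can fail for resource-limit reasons as well; a neutral wording such as `"setuid() failed: %m (tty %s, user %s)"` leaves that judgement to whoever reads the log. A short comment above the check, e.g. `/* never continue with root privileges if the drop to the user fails */`, would record why the failure is fatal. The enclosing function starts and ends outside the hunk.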
++++++ opiesu-overflow-CVE-2011-2489.patch ++++++
--- opiesu.c.xx 2011-06-27 16:48:46.000000000 +0200
+++ opiesu.c    2011-06-27 16:50:18.000000000 +0200
@@ -102,7 +102,7 @@
 static char userbuf[16] = "USER=";
 static char homebuf[128] = "HOME=";
 static char shellbuf[128] = "SHELL=";
-static char pathbuf[sizeof("PATH") + sizeof(DEFAULT_PATH) - 1] = "PATH=";
+static char pathbuf[sizeof("PATH=") + sizeof(DEFAULT_PATH) - 1] = "PATH=";
 static char termbuf[32] = "TERM=";
 static char *cleanenv[] = {userbuf, homebuf, shellbuf, pathbuf, 0, 0};
 static char *user = "root";
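Review bot: The size expression for `pathbuf` deserves a comment, because the off-by-one it fixes is easy to reintroduce: `/* "PATH=" + DEFAULT_PATH + NUL; the -1 drops the NUL counted twice by the two sizeof()s */`. The neighbouring `userbuf[16]`, `homebuf[128]`, `shellbuf[128]` and `termbuf[32]` are fixed-size and are filled somewhere outside this hunk. It is worth confirming that those writes are length-bounded, since the values presumably come from the passwd entry and the environment.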
@@ -260,10 +260,12 @@
   int argvsize = 0;
   for (i = 0; i < argc; argvsize += strlen(argv[i++]));
   argvsize += argc;
+  argvsize ++; /* final \0 */
   if (!(argvbuf = malloc(argvsize))) {
     syslog(LOG_ERR, "can't allocate memory to store command line");
     exit(1);
   };
+  argvbuf[0] = '\0';
   for (i = 0, *argvbuf = 0; i < argc;) {
     strcat(argvbuf, argv[i]);
     if (++i < argc)
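Review bot: The added `argvbuf[0] = '\0';` duplicates the `*argvbuf = 0` in the initialiser of the `for` directly below it, so one of the two can go. `argvsize` is a signed `int` that is summed from `strlen()` results and then passed to `malloc()`; declaring it `size_t argvsize = 0;` avoids the sign conversion and matches the type both functions use. The loop body continues past the end of the hunk, so whether a separator is appended after the last argument cannot be checked here.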

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
