Your message dated Sat, 26 Apr 2014 21:57:08 +0000
with message-id <[email protected]>
and subject line Bug#708866: fixed in rrdtool 1.4.8-1
has caused the Debian Bug report #708866,
regarding python-rrdtool: CVE-2013-2131: format string vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
708866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708866
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python-rrdtool
Version: 1.4.7-2
Severity: important
Tags: security

python -c "import rrdtool;rrdtool.graph('/tmp/out.png','-f','%n%n')"
Segmentation fault

Backtrace attached.

Reported in http://www.openwall.com/lists/oss-security/2013/04/18/5

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-rrdtool depends on:
ii  libc6    2.13-38
ii  librrd4  1.4.7-2
ii  python   2.7.3-4

python-rrdtool recommends no packages.

python-rrdtool suggests no packages.

-- no debconf information
(gdb) run -c "import rrdtool;rrdtool.graph('/tmp=/out.png','-f','%n%n')"
Starting program: /usr/bin/python2.7 -c "import 
rrdtool;rrdtool.graph('/tmp=/out.png','-f','%n%n')"
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6fdd85d in _IO_vfprintf_internal (s=0x7fffffffabf0, 
format=0x7ffff7ed16b4 "%n%n", ap=0x7fffffffad18)
    at vfprintf.c:1622
1622    vfprintf.c: No such file or directory.
(gdb) bt
#0  0x00007ffff6fdd85d in _IO_vfprintf_internal (s=0x7fffffffabf0, 
format=0x7ffff7ed16b4 "%n%n", ap=0x7fffffffad18)
    at vfprintf.c:1622
#1  0x00007ffff700332a in _IO_vasprintf 
(result_ptr=result_ptr@entry=0x7fffffffad10, format=0x7ffff7ed16b4 "%n%n", 
    args=args@entry=0x7fffffffad18) at vasprintf.c:64
#2  0x00007ffff67ee0ba in sprintf_alloc (fmt=<optimized out>) at rrd_info.c:28
#3  0x00007ffff67e4c3e in rrd_graph_v (argc=4, argv=<optimized out>) at 
rrd_graph.c:4035
#4  0x00007ffff67e4d83 in rrd_graph (argc=<optimized out>, argv=<optimized 
out>, prdata=prdata@entry=0x7fffffffdf88, 
    xsize=xsize@entry=0x7fffffffdf78, ysize=ysize@entry=0x7fffffffdf7c, 
stream=stream@entry=0x0, ymin=ymin@entry=
    0x7fffffffdf90, ymax=ymax@entry=0x7fffffffdf98) at rrd_graph.c:3883
#5  0x00007ffff6a0824d in PyRRD_graph (self=<optimized out>, args=<optimized 
out>) at rrdtoolmodule.c:297
#6  0x00000000004ac5ce in call_function (oparg=<optimized out>, 
pp_stack=0x7fffffffe150) at ../Python/ceval.c:4021
#7  PyEval_EvalFrameEx (f=f@entry=Frame 0x9a6620, for file <string>, line 1, in 
<module> (), throwflag=throwflag@entry=0)
    at ../Python/ceval.c:2666
#8  0x00000000004b3fd8 in PyEval_EvalCodeEx (co=co@entry=0x7ffff7f1e630, 
globals=globals@entry=
    {'__builtins__': <module at remote 0x7ffff7f9bad0>, '__name__': '__main__', 
'rrdtool': <module at remote 0x7ffff7ed2168>, '__doc__': None, '__package__': 
None}, locals=locals@entry=
    {'__builtins__': <module at remote 0x7ffff7f9bad0>, '__name__': '__main__', 
'rrdtool': <module at remote 0x7ffff7ed2168>, '__doc__': None, '__package__': 
None}, args=args@entry=0x0, argcount=argcount@entry=0, kws=kws@entry=0x0, 
    kwcount=kwcount@entry=0, defs=defs@entry=0x0, defcount=defcount@entry=0, 
closure=closure@entry=0x0)
    at ../Python/ceval.c:3253
#9  0x0000000000564d5f in PyEval_EvalCode (locals=
    {'__builtins__': <module at remote 0x7ffff7f9bad0>, '__name__': '__main__', 
'rrdtool': <module at remote 0x7ffff7ed2168>, '__doc__': None, '__package__': 
None}, globals=
    {'__builtins__': <module at remote 0x7ffff7f9bad0>, '__name__': '__main__', 
'rrdtool': <module at remote 0x7ffff7ed2168>, '__doc__': None, '__package__': 
None}, co=0x7ffff7f1e630) at ../Python/ceval.c:667
#10 run_mod (arena=0x95baf0, flags=<optimized out>, locals=
    {'__builtins__': <module at remote 0x7ffff7f9bad0>, '__name__': '__main__', 
'rrdtool': <module at remote 0x7ffff7ed2168>, '__doc__': None, '__package__': 
None}, globals=
_doc__': None, '__package__': None}, filename=0x599fd4 "<string>", 
mod=0x912808) at ../Python/pythonrun.c:1365
#11 PyRun_StringFlags (str=str@entry=0x8d3010 "import 
rrdtool;rrdtool.graph('/tmp=/out.png','-f','%n%n')\n", 
    start=start@entry=257, globals=
    {'__builtins__': <module at remote 0x7ffff7f9bad0>, '__name__': '__main__', 
'rrdtool': <module at remote 0x7ffff7ed2168>, '__doc__': None, '__package__': 
None}, locals=
    {'__builtins__': <module at remote 0x7ffff7f9bad0>, '__name__': '__main__', 
'rrdtool': <module at remote 0x7ffff7ed2168>, '__doc__': None, '__package__': 
None}, flags=flags@entry=0x7fffffffe370) at ../Python/pythonrun.c:1328
#12 0x0000000000446872 in PyRun_SimpleStringFlags (command=command@entry=
    0x8d3010 "import rrdtool;rrdtool.graph('/tmp=/out.png','-f','%n%n')\n", 
flags=flags@entry=0x7fffffffe370)
    at ../Python/pythonrun.c:969
#13 0x00000000004479d2 in Py_Main (argc=3, argv=0x7fffffffe528) at 
../Modules/main.c:583
#14 0x00007ffff6fb5ead in __libc_start_main (main=<optimized out>, 
argc=<optimized out>, ubp_av=<optimized out>, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
stack_end=0x7fffffffe518) at libc-start.c:228
#15 0x00000000004c7f39 in _start ()



--- End Message ---
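The backtrace in the report above shows the shape of CVE-2013-2131: the string given to `-f` (the short form of `--imginfo`) arrives at `sprintf_alloc` in rrd_info.c as the printf format itself, so "%n%n" is interpreted as two write-through-pointer conversions and the process faults inside vfprintf. The C below is an added illustration, not rrdtool's code and not the upstream patch referenced in the changelog: `sprintf_alloc_unsafe` is a hypothetical stand-in for the vulnerable call shape, and `imginfo_template_ok` / `render_imginfo` are an assumed hardening that allow-lists the template (rrdtool documents `--imginfo` as taking one `%s` for the filename and two `%lu` for width and height) and then expands it without ever handing a user string to printf as a format. All inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable shape (hypothetical name, not rrdtool's code): the first argument
 * is used directly as the printf format. If a caller passes the user's -f
 * template here, "%n%n" makes vfprintf write through whatever the next two
 * variadic slots hold, which is the crash in the backtrace above.
 * Never call this with an untrusted fmt. */
static char *sprintf_alloc_unsafe(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *out = (n < 0) ? NULL : malloc((size_t)n + 1);
    if (out)
        vsnprintf(out, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

/* Hardening step 1: allow-list the template before it is used at all.
 * Accepts literal text, "%%", and exactly the conversions %s, %lu, %lu in that
 * order (filename, width, height). Any other conversion, %n included, fails. */
static int imginfo_template_ok(const char *t)
{
    static const char *const expect[] = { "s", "lu", "lu" };
    size_t seen = 0;
    for (const char *p = t; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }      /* escaped percent sign */
        if (seen >= 3)
            return 0;                            /* more conversions than arguments */
        size_t len = strlen(expect[seen]);
        if (strncmp(p + 1, expect[seen], len) != 0)
            return 0;                            /* wrong conversion at this slot */
        p += len;
        seen++;
    }
    return seen == 3;
}

/* Hardening step 2: expand the validated template ourselves, so no
 * user-controlled string ever reaches printf as a format.
 * Returns the length written, or -1 if the template is rejected or out is
 * too small. */
static int render_imginfo(const char *t, const char *fname,
                          unsigned long width, unsigned long height,
                          char *out, size_t cap)
{
    if (!imginfo_template_ok(t))
        return -1;
    size_t used = 0, seen = 0;
    for (const char *p = t; *p; p++) {
        char num[32];
        const char *piece;
        size_t n;
        if (*p == '%' && p[1] == '%') {
            piece = "%"; n = 1; p++;
        } else if (*p == '%') {
            if (seen == 0) {                     /* %s: the filename */
                piece = fname; n = strlen(fname); p += 1;
            } else {                             /* %lu: width, then height */
                n = (size_t)snprintf(num, sizeof num, "%lu",
                                     seen == 1 ? width : height);
                piece = num; p += 2;
            }
            seen++;
        } else {
            piece = p; n = 1;                    /* literal character */
        }
        if (used + n >= cap)
            return -1;
        memcpy(out + used, piece, n);
        used += n;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed inputs: the documented template shape and the "%n%n"
     * string from the bug report. */
    char buf[128];
    const char *good = "<IMG SRC=\"%s\" WIDTH=\"%lu\" HEIGHT=\"%lu\">";
    printf("documented template accepted: %d\n", imginfo_template_ok(good));
    printf("\"%%n%%n\" accepted: %d\n", imginfo_template_ok("%n%n"));
    if (render_imginfo(good, "out.png", 400, 100, buf, sizeof buf) > 0)
        printf("%s\n", buf);
    char *s = sprintf_alloc_unsafe("%s=%lu", "width", 400UL);  /* trusted fmt only */
    if (s) { printf("%s\n", s); free(s); }
    return 0;
}
```

The two-step split matters: the allow-list alone still leaves the template flowing into a variadic format call, while expanding it by hand removes that call entirely, so a future addition to the allowed set cannot quietly reintroduce a format-string sink.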
--- Begin Message ---
Source: rrdtool
Source-Version: 1.4.8-1

We believe that the bug you reported is fixed in the latest version of
rrdtool, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Harl <[email protected]> (supplier of updated rrdtool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 26 Apr 2014 21:18:20 +0200
Source: rrdtool
Binary: rrdtool rrdcached rrdtool-dbg librrd4 librrd-dev librrds-perl 
librrdp-perl rrdtool-tcl python-rrdtool ruby-rrd librrd-ruby librrd-ruby1.8 
librrd-ruby1.9.1 liblua5.1-rrd0 liblua5.1-rrd-dev
Architecture: source amd64 all
Version: 1.4.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian RRDtool Team <[email protected]>
Changed-By: Sebastian Harl <[email protected]>
Description: 
 liblua5.1-rrd-dev - time-series data storage and display system (Lua 5.1 
development)
 liblua5.1-rrd0 - time-series data storage and display system (Lua 5.1 
interface)
 librrd-dev - time-series data storage and display system (development)
 librrd-ruby - Transitional package to ruby-rrd
 librrd-ruby1.8 - Transitional package to ruby-rrd
 librrd-ruby1.9.1 - Transitional package to ruby-rrd
 librrd4    - time-series data storage and display system (runtime library)
 librrdp-perl - time-series data storage and display system (Perl interface, 
pipe
 librrds-perl - time-series data storage and display system (Perl interface, 
shar
 python-rrdtool - time-series data storage and display system (Python interface)
 rrdcached  - data caching daemon for RRDtool
 rrdtool    - time-series data storage and display system (programs)
 rrdtool-dbg - time-series data storage and display system (debugging symbols)
 rrdtool-tcl - time-series data storage and display system (Tcl interface)
 ruby-rrd   - time-series data storage and display system (Ruby interface)
Closes: 451852 663505 686825 708866 726159 736333 743947
Changes: 
 rrdtool (1.4.8-1) unstable; urgency=medium
 .
   [ Sebastian Harl ]
   * New upstream release; thanks to Alin Dobre for reporting this and
     providing various patches (Closes: #726159):
     - Fixed the xport JSON output format; thanks to Thomas Mainka for
       reporting this (Closes: #686825).
     - Fixed a segfault in rrdcached when using -j on non-existent directories;
       thanks to Witold Baryluk for reporting this (Closes: #663505).
     - Fixed segfault in rrdgraph caused by int32 overflows; thanks to Matej
       Kosik for reporting this (Closes: #451852).
   * Fixed changelog of 1.4.7-2 regarding the versioned build-dep on tcl-dev.
   * Merged 1.4.7-2.1 NMU; thanks to Christian Hofstaedtler (Closes: 736333).
   * debian/patches:
     - Added CVE-2013-2131; upstream patch fixing a format string vulnerability
       in rrdgraph; thanks to Henri Salo for reporting this (Closes: #708866).
       Raised urgency to medium for this.
   * debian/patches, debian/rules, debian/control:
     - Added build_ldadd; patch Makefile to pass $ALL_LIBS to rrdcached's
       linker flags to ensure it's going to be linked against libglib.
     - Build-depend on and use dh-autoreconf to manage the build_ldadd patch.
   * debian/control:
     - Optionally recommend fonts-dejavu-core as (the preferred) alternative to
       ttf-dejavu-core; thanks to Martin-Éric Racine for reporting this
       (Closes: #743947).
     - Updated standards-version to 3.9.5 -- no changes.
   * debian/rules:
     - Clean up bindings/perl-shared/MYMETA.json.
     - Added INSTALL_BASE= to the perl options; else, the Perl libs end up in
       $HOME.
 .
   [ Alin Dobre ]
   * debian/patches:
     - Removed bts664724-rrdcached-j-segfault, ruby_bindings_format_string,
       and tcl-8.5 which were applied upstream.
Checksums-Sha1: 
 23642e746e7116473f60a78087e275da2804f5a6 2424 rrdtool_1.4.8-1.dsc
 56d68857f39e70bfa32360947614d8220702ed02 1379482 rrdtool_1.4.8.orig.tar.gz
 a9ce1feaf8b333e9784bda0132a98296a2a96037 27681 rrdtool_1.4.8-1.diff.gz
 746ffa52bd2befe483f16c321b004dfc744a71eb 433814 rrdtool_1.4.8-1_amd64.deb
 89457234a068d337f919222224e43c16b3b40900 146062 rrdcached_1.4.8-1_amd64.deb
 58d61f8e771ee0a7c0499426ae4071d2d2774d5e 476488 rrdtool-dbg_1.4.8-1_amd64.deb
 8b96a29a3d9cffc245eb8df27da40bb67eded236 220554 librrd4_1.4.8-1_amd64.deb
 adc141a2e8e37e203db375a47dc834b4a55313ce 222890 librrd-dev_1.4.8-1_amd64.deb
 d2d6aaf8175e56054b0f98cd1fd4a11c722ac150 117066 librrds-perl_1.4.8-1_amd64.deb
 740b470a74ed3a16ed49905122e419f05381daab 109608 rrdtool-tcl_1.4.8-1_amd64.deb
 12d2a9f3277eb10df35d29c71bb26d654fc7a329 110292 
python-rrdtool_1.4.8-1_amd64.deb
 ce43c1cd8f66e432b13c9bc0160a2fa5fddca464 110250 ruby-rrd_1.4.8-1_amd64.deb
 338f1b1c00955aa1b4e24e14175ef7a7e0a007eb 107974 
liblua5.1-rrd0_1.4.8-1_amd64.deb
 33e24e868eb50e8bb4632b1330404e52c756c43f 112820 
liblua5.1-rrd-dev_1.4.8-1_amd64.deb
 a79f6c22150473fadb0536350e5f81a47b516b21 109614 librrdp-perl_1.4.8-1_all.deb
 08e50f1c999471e59261fe48112b6a6aa9907495 103748 librrd-ruby_1.4.8-1_all.deb
 c9d0828c2231b6b1a1beb7fed974fd1af1c31317 103764 librrd-ruby1.8_1.4.8-1_all.deb
 f868b41e222d07c03ebce2ed771bf2ba8847ecf3 103768 
librrd-ruby1.9.1_1.4.8-1_all.deb
Checksums-Sha256: 
 15e99959d83331f74f288bf2db8f4e0eb047bb81c972d2115ff7396477ad195f 2424 
rrdtool_1.4.8-1.dsc
 de95b9f5aa488b0683600aad5a07c316f8d98cbe8d00aa0a1c87e2b2ef89f3d6 1379482 
rrdtool_1.4.8.orig.tar.gz
 b58aae276825e68f46529020102e4ebd2b846fcf6e83a95aaa823cd578ea60a2 27681 
rrdtool_1.4.8-1.diff.gz
 b5f3f9bab30b4530f58dc13091b29886bf03e8d6a31ef933fa409a0b7fd43e48 433814 
rrdtool_1.4.8-1_amd64.deb
 a89ce777ab1feb0d6efa4d9aba9d044208cc15cfceaba4152f85bf8b79010574 146062 
rrdcached_1.4.8-1_amd64.deb
 4458b51ee51eaf5abf18c3ffa99dcfafc24031abec67f7ebc642051f97491e8f 476488 
rrdtool-dbg_1.4.8-1_amd64.deb
 3b0b8559bb68fb7f4088d428a9ee181293f7ea1b0f08eca548a44e797b3a13ad 220554 
librrd4_1.4.8-1_amd64.deb
 c74c6ed8440f532de7111c9e388126311ef9ca6227ed588efeddf35d42603729 222890 
librrd-dev_1.4.8-1_amd64.deb
 20a627dd2a2c629f660cb7081a044f1826d870940b51c7a3892538c889e0aeb6 117066 
librrds-perl_1.4.8-1_amd64.deb
 bdb07bdbe192323bfcd5de6a7a836a6a088e3151279b3c2baa556a2701ad9b79 109608 
rrdtool-tcl_1.4.8-1_amd64.deb
 8c19f617f2fe63705ae14d9b861186faff4e9c358ee1c08edbf5789e83a15fc6 110292 
python-rrdtool_1.4.8-1_amd64.deb
 b26347b3ea9781995400130f310c2a2ec8a3c41178192dc4645d6b2718aaee6e 110250 
ruby-rrd_1.4.8-1_amd64.deb
 52e7c83220ed877af5993227dcab0f703d4845834d3c79f59de7ee66b75a5575 107974 
liblua5.1-rrd0_1.4.8-1_amd64.deb
 86980af554eb54c2659effa4a76222c3b72162df52a2bf4a92f26971233414c5 112820 
liblua5.1-rrd-dev_1.4.8-1_amd64.deb
 9e5c37ebebee4c8ad6ecda3ca15d7817d279c883a596e779d5054eb092186baa 109614 
librrdp-perl_1.4.8-1_all.deb
 ae72d07014a3b71b85009a2000e19f8f2b2e13549d90e821cbaf2363e6301a54 103748 
librrd-ruby_1.4.8-1_all.deb
 f8f7259f2a52d49e85006611fa30d19f95415a0021c9a7fb0b2fce90d66d03af 103764 
librrd-ruby1.8_1.4.8-1_all.deb
 ebcae733a9888282ae4f2f06c5236bcc9d99f524c5714242d8a42f11c990db8b 103768 
librrd-ruby1.9.1_1.4.8-1_all.deb
Files: 
 0c5b85dcf789eedb7c2dffbb4c636f60 433814 utils optional 
rrdtool_1.4.8-1_amd64.deb
 b2948a3aa971454752d4b297ff754b72 146062 utils optional 
rrdcached_1.4.8-1_amd64.deb
 ecbb12c01d96c527e803f7ff61b84bc5 476488 debug extra 
rrdtool-dbg_1.4.8-1_amd64.deb
 430ab99db2ba010ca55254b35c88e178 220554 libs optional librrd4_1.4.8-1_amd64.deb
 25ae07574db9db5bb0d1d76533c76e35 222890 libdevel optional 
librrd-dev_1.4.8-1_amd64.deb
 db50df15d39ca86260987b130b4b0ad2 117066 perl optional 
librrds-perl_1.4.8-1_amd64.deb
 4b0b2d1e9ded11ee176d8e3a5e9e6db6 109608 utils optional 
rrdtool-tcl_1.4.8-1_amd64.deb
 90c0b911493cd411546b820a10106190 110292 python optional 
python-rrdtool_1.4.8-1_amd64.deb
 8d1c5c95bc2e3ef30192e96b71f635ec 110250 ruby optional 
ruby-rrd_1.4.8-1_amd64.deb
 b028cc7642e64379b2296117f595c78c 107974 interpreters optional 
liblua5.1-rrd0_1.4.8-1_amd64.deb
 cd5979920def9fe883cf9d6852575be2 112820 libdevel optional 
liblua5.1-rrd-dev_1.4.8-1_amd64.deb
 d17c548a120327d658638a1d1c39cbd3 109614 perl optional 
librrdp-perl_1.4.8-1_all.deb
 823f82ff850f15ebe15b9351481e01e5 103748 oldlibs extra 
librrd-ruby_1.4.8-1_all.deb
 e2ac3216feb486b41eec825dd020526f 103764 oldlibs extra 
librrd-ruby1.8_1.4.8-1_all.deb
 84f8878d96f7e28257bb8abd90f20ebd 103768 oldlibs extra 
librrd-ruby1.9.1_1.4.8-1_all.deb
 56c8a8a3941b1db104d19fec5763cf4a 2424 utils optional rrdtool_1.4.8-1.dsc
 dbe59386db97fd2f2216729facd74ca8 1379482 utils optional 
rrdtool_1.4.8.orig.tar.gz
 be3dd2c7b38197a56a80d0a7d461ee71 27681 utils optional rrdtool_1.4.8-1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlNcDrcACgkQEFEKc4UBx/yPVwCePWfjx5TzWz5awoFDWULkZ4sV
RM4AoIUfx85HbRwtrwFcFsdblgdJ+B9h
=2tDv
-----END PGP SIGNATURE-----

--- End Message ---