Your message dated Sat, 07 Sep 2019 14:37:11 +0100
with message-id
<17351b82f829eb6917f78885cb849c4060b0a4a6.ca...@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in 9.10 point release
has caused the Debian Bug report #922930,
regarding stretch-pu: package slurm-llnl/16.05.9-1+deb9u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
922930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922930
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
I'd like to update slurm-llnl in the next stable point release to
fix a security vulnerability (CVE-2019-6438) on 32-bit systems that
would potentially allow heap-overflow.
debdiff attached, diffstat follows:
changelog | 7 +++++
patches/CVE-2019-6438 | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++
patches/series | 1
3 files changed, 75 insertions(+)
Thanks
--
Gennaro Oliva
diff -Nru slurm-llnl-16.05.9/debian/changelog
slurm-llnl-16.05.9/debian/changelog
--- slurm-llnl-16.05.9/debian/changelog 2018-07-23 12:00:49.000000000 +0200
+++ slurm-llnl-16.05.9/debian/changelog 2019-02-21 17:24:53.000000000 +0100
@@ -1,3 +1,10 @@
+slurm-llnl (16.05.9-1+deb9u3) stretch; urgency=medium
+
+ * Fix CVE-2019-6438 by adding mitigation for a potential
+ heap-overflow on 32-bit systems (Closes: #920997)
+
+ -- Gennaro Oliva <[email protected]> Thu, 21 Feb 2019 17:24:53 +0100
+
slurm-llnl (16.05.9-1+deb9u2) stretch-security; urgency=high
* Fix CVE-2018-10995 caused by mishandling user names (aka user_name
diff -Nru slurm-llnl-16.05.9/debian/patches/CVE-2019-6438
slurm-llnl-16.05.9/debian/patches/CVE-2019-6438
--- slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 1970-01-01
01:00:00.000000000 +0100
+++ slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 2019-02-21
17:19:14.000000000 +0100
@@ -0,0 +1,67 @@
+Description: Add mitigation for a potential heap-overflow on 32-bit systems
+ Force intermediate values to uint64_t to catch the potential overflow
+ This patch was adapted from the changes of the 17.11 upstream branch
+Author: Gennaro Oliva <[email protected]>
+Bug-Debian: https://bugs.debian.org/920997
+Origin:
https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda
+Forwarded: no
+Last-Update: 2019-02-12
+
+--- a/src/common/xmalloc.c
++++ b/src/common/xmalloc.c
+@@ -72,13 +72,17 @@ static void malloc_assert_failed(char *,
+ * clear (IN) initialize to zero
+ * RETURN pointer to allocate heap space
+ */
+-void *slurm_xmalloc(size_t size, bool clear,
++void *slurm_xmalloc(uint64_t size, bool clear,
+ const char *file, int line, const char *func)
+ {
+ void *new;
+ size_t *p;
+ size_t total_size = size + 2 * sizeof(size_t);
+
++
++ if (size > 0xffffffff)
++ fatal("attempt at overflow");
++
+ if (clear)
+ p = calloc(1, total_size);
+ else
+--- slurm-llnl-16.05.9.orig/src/common/xmalloc.h
++++ slurm-llnl-16.05.9/src/common/xmalloc.h
+@@ -76,6 +76,8 @@
+ #ifndef _XMALLOC_H
+ #define _XMALLOC_H
+
++#include <stdint.h>
++
+ #if HAVE_SYS_TYPES_H
+ # include <sys/types.h>
+ #endif
+@@ -83,13 +85,13 @@
+ #include "macros.h"
+
+ #define xmalloc(__sz) \
+- slurm_xmalloc (__sz, true, __FILE__, __LINE__, __CURRENT_FUNC__)
++ slurm_xmalloc ((uint64_t) __sz, true, __FILE__, __LINE__,
__CURRENT_FUNC__)
+
+ #define xmalloc_nz(__sz) \
+- slurm_xmalloc (__sz, false, __FILE__, __LINE__, __CURRENT_FUNC__)
++ slurm_xmalloc ((uint64_t) __sz, false, __FILE__, __LINE__,
__CURRENT_FUNC__)
+
+ #define try_xmalloc(__sz) \
+- slurm_try_xmalloc(__sz, __FILE__, __LINE__, __CURRENT_FUNC__)
++ slurm_try_xmalloc((uint64_t) __sz, __FILE__, __LINE__, __CURRENT_FUNC__)
+
+ #define xfree(__p) \
+ slurm_xfree((void **)&(__p), __FILE__, __LINE__, __CURRENT_FUNC__)
+@@ -109,7 +111,7 @@
+ #define xsize(__p) \
+ slurm_xsize((void *)__p, __FILE__, __LINE__, __CURRENT_FUNC__)
+
+-void *slurm_xmalloc(size_t, bool, const char *, int, const char *);
++void *slurm_xmalloc(uint64_t, bool, const char *, int, const char *);
+ void *slurm_try_xmalloc(size_t , const char *, int , const char *);
+ void slurm_xfree(void **, const char *, int, const char *);
+ void *slurm_xrealloc(void **, size_t, bool, const char *, int, const char *);
diff -Nru slurm-llnl-16.05.9/debian/patches/series
slurm-llnl-16.05.9/debian/patches/series
--- slurm-llnl-16.05.9/debian/patches/series 2018-06-22 09:53:34.000000000
+0200
+++ slurm-llnl-16.05.9/debian/patches/series 2019-02-21 17:19:14.000000000
+0100
@@ -5,3 +5,4 @@
CVE-2017-15566
CVE-2018-10995
CVE-2018-7033
+CVE-2019-6438
--- End Message ---
--- Begin Message ---
Version: 9.10
Hi,
The fixes referenced by each of these bugs were included in today's
stretch point release (9.10).
Regards,
Adam
--- End Message ---
