reopen 598286
tags 598286 + patch
thanks
>The full code of ./cowbell.in reads:
>
> 1 #!/bin/sh
> 2
> 3 libdir="@prefix@/lib/cowbell"
> 4 export LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
Uhm, there are more problems that met the eye at first glance:
(
libdir="/usr/lib/cowbell"
LD_LIBRARY_PATH="::"
LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
echo $LD_LIBRARY_PATH
)
# => /usr/lib/cowbell:::
Proposed NMU follows.
Jari
diffstat for cowbell_0.2.7.1-5 cowbell_0.2.7.1-5.1
cowbell-0.2.7.1/debian/changelog | 12 +++++
debian/patches/10_CVE_2010_3353__bug598286.patch | 47 +++++++++++++++++++++++
2 files changed, 59 insertions(+)
diff -u cowbell-0.2.7.1/debian/changelog cowbell-0.2.7.1/debian/changelog
--- cowbell-0.2.7.1/debian/changelog
+++ cowbell-0.2.7.1/debian/changelog
@@ -1,3 +1,15 @@
+cowbell (0.2.7.1-5.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ - Move to packaging format "3.0 (quilt)" due to patch.
+ * debian/patches
+ - (Number 10): New patch. Fix CVE-2010-3353 insecure library loading.
+ (important, security; Closes: #598286).
+ * debian/source/format
+ - New file.
+
+ -- Jari Aalto <[email protected]> Mon, 18 Oct 2010 11:59:30 +0300
+
cowbell (0.2.7.1-5) unstable; urgency=low
* debian/control:
only in patch2:
unchanged:
--- cowbell-0.2.7.1.orig/debian/patches/10_CVE_2010_3353__bug598286.patch
+++ cowbell-0.2.7.1/debian/patches/10_CVE_2010_3353__bug598286.patch
@@ -0,0 +1,47 @@
+From b0e48de8c9a9ca853eab1a5bf5b90651eb28a10e Mon Sep 17 00:00:00 2001
+From: Jari Aalto <[email protected]>
+Date: Mon, 18 Oct 2010 11:54:16 +0300
+Subject: [PATCH] CVE-2010-3353 insecure library loading Bug#598286
+Organization: Private
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jari Aalto <[email protected]>
+---
+ cowbell.in | 17 ++++++++++++++++-
+ 1 files changed, 16 insertions(+), 1 deletions(-)
+ mode change 100644 => 100755 cowbell.in
+
+diff --git a/cowbell.in b/cowbell.in
+old mode 100644
+new mode 100755
+index 0e68ebc..0274cc8
+--- a/cowbell.in
++++ b/cowbell.in
+@@ -1,7 +1,22 @@
+ #!/bin/sh
+
++
++Pathclean ()
++{
++ # Vulnerability fix for insecure library loading
++ # Make sure "::", "^:" or ":$" is not left in path arg $1
++
++ local tmp123xyz
++ tmp123xyz=$(echo "$1" | sed -e 's/::\+// ; s/^:// ; s/:$//' )
++
++ [ "$tmp123xyz" ] && echo "$tmp"
++}
++
+ libdir="@prefix@/lib/cowbell"
+-export LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
++
++LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++LD_LIBRARY_PATH=$(Pathclean "$LD_LIBRARY_PATH")
++export LD_LIBRARY_PATH
+
+ if [ -e ./@dll@ ] && [ -e ./Makefile.am ]; then
+ echo "*** Running uninstalled @dll@ ***"
+--
+1.7.1
+