Your message dated Tue, 23 Apr 2019 13:04:38 +0000
with message-id <[email protected]>
and subject line Bug#916902: fixed in pspp 1.2.0-3
has caused the Debian Bug report #916902,
regarding pspp: CVE-2018-20230
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
916902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916902
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pspp
Version: 1.2.0-2
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for pspp.
CVE-2018-20230[0]:
| An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
| overflow at the function read_bytes_internal in
| utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact.
> ==6100==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x602000000471 at pc 0x7fa0eba71110 bp 0x7ffcb1f6d0f0 sp 0x7ffcb1f6c8a0
> WRITE of size 199 at 0x602000000471 thread T0
> #0 0x7fa0eba7110f (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9810f)
> #1 0x40d1a9 in read_bytes_internal utilities/pspp-dump-sav.c:1585
> #2 0x40d2c9 in read_bytes utilities/pspp-dump-sav.c:1601
> #3 0x40c0e6 in open_text_record utilities/pspp-dump-sav.c:1399
> #4 0x40a13c in read_long_var_name_map utilities/pspp-dump-sav.c:912
> #5 0x40943a in read_extension_record utilities/pspp-dump-sav.c:626
> #6 0x407340 in main utilities/pspp-dump-sav.c:218
> #7 0x7fa0eb20d09a in __libc_start_main ../csu/libc-start.c:308
> #8 0x4024d9 in _start (/tmp/pspp-1.2.0/utilities/pspp-dump-sav+0x4024d9)
>
> 0x602000000471 is located 0 bytes to the right of 1-byte region
> [0x602000000470,0x602000000471)
> allocated by thread T0 here:
> #0 0x7fa0ebac1ed0 in __interceptor_malloc
> (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8ed0)
> #1 0x40f138 in xmalloc gl/xmalloc.c:41
> #2 0x40c0cb in open_text_record utilities/pspp-dump-sav.c:1398
> #3 0x40a13c in read_long_var_name_map utilities/pspp-dump-sav.c:912
> #4 0x40943a in read_extension_record utilities/pspp-dump-sav.c:626
> #5 0x407340 in main utilities/pspp-dump-sav.c:218
> #6 0x7fa0eb20d09a in __libc_start_main ../csu/libc-start.c:308
>
> SUMMARY: AddressSanitizer: heap-buffer-overflow
> (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9810f)
> ==6100==ABORTING
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20230
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1660318
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pspp
Source-Version: 1.2.0-3
We believe that the bug you reported is fixed in the latest version of
pspp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated pspp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Tue, 23 Apr 2019 13:59:03 +0200
Source: pspp
Binary: pspp pspp-dbgsym
Architecture: source amd64
Version: 1.2.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Description:
pspp - Statistical analysis tool
Closes: 916902
Changes:
pspp (1.2.0-3) unstable; urgency=medium
.
[ Andreas Tille ]
* Team upload.
* Take over package into Debian Science team maintenance
.
[ Ben Pfaff ]
* Issue error message for too-large extension records. (CVE-2018-20230)
Closes: #916902
--- End Message ---
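
An added example, not PSPP's code and not the Debian patch: it sketches the kind of check the changelog entry names ("too-large extension records") and shows how an unchecked length-plus-terminator computation can wrap to a tiny allocation like the 1-byte region in the ASan report. It assumes the request is computed as size * count + 1 from two header fields; `MAX_RECORD_BYTES`, the function names and the sample payload are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound for one text record; not a PSPP constant. */
#define MAX_RECORD_BYTES ((size_t)16 * 1024 * 1024)

/* Failure mode: size * count + 1 wraps silently in size_t arithmetic. */
static size_t unchecked_request(size_t size, size_t count)
{
    return size * count + 1;
}

/* Checked form: 0 and *need = payload + NUL on success, -1 if too large. */
static int checked_request(size_t size, size_t count, size_t *need)
{
    if (count != 0 && size > MAX_RECORD_BYTES / count)
        return -1;
    *need = size * count + 1;
    return 0;
}

/* Copy one text record out of an in-memory file image; NULL if refused. */
static char *read_text_record(const unsigned char *file, size_t file_len,
                              size_t offset, size_t size, size_t count)
{
    size_t need = 0;
    if (checked_request(size, count, &need) != 0 ||
        offset > file_len || need - 1 > file_len - offset) {
        fprintf(stderr, "extension record too large or truncated\n");
        return NULL;
    }
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, file + offset, need - 1);
    buf[need - 1] = '\0';
    return buf;
}
/* Constructed 13-byte sample payload, not taken from a real .sav file. */
static const unsigned char SAMPLE[] = "LONGNAME=Var1";
int main(void)
{
    char *ok = read_text_record(SAMPLE, 13, 0, 1, 13);
    printf("valid: %s, wrapped request: %zu\n", ok ? ok : "?", unchecked_request(SIZE_MAX, 1));
    free(ok);
    return 0;
}
```

The second condition in `read_text_record` matters as much as the first: a length that passes the size cap but exceeds the bytes actually remaining in the file is refused before any copy takes place.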