Your message dated Wed, 12 Nov 2014 21:58:04 +0100
with message-id <[email protected]>
and subject line Re: Bug#769285: unblock aircrack-ng/1:1.2-0~beta3-2
has caused the Debian Bug report #769285,
regarding unblock aircrack-ng/1:1.2-0~beta3-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
769285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769285
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: unblock: aircrack-ng/1:1.2-0~beta3-2
Package: release.debian.org
User: [email protected]
Usertags: unblock
Severity: important
X-Debbugs-CC: [email protected]
Please unblock package aircrack-ng
It fixes 4 security vulnerabilities. (#767979)
https://security-tracker.debian.org/tracker/CVE-2014-8321
https://security-tracker.debian.org/tracker/CVE-2014-8322
https://security-tracker.debian.org/tracker/CVE-2014-8323
https://security-tracker.debian.org/tracker/CVE-2014-8324
Attached is the debdiff against the package in testing.
unblock aircrack-ng/1:1.2-0~beta3-2
diff -Nru aircrack-ng-1.2-0~beta3/debian/changelog
aircrack-ng-1.2-0~beta3/debian/changelog
--- aircrack-ng-1.2-0~beta3/debian/changelog 2014-05-30 19:40:13.000000000
+0200
+++ aircrack-ng-1.2-0~beta3/debian/changelog 2014-11-12 00:16:47.000000000
+0100
@@ -1,3 +1,14 @@
+aircrack-ng (1:1.2-0~beta3-2) unstable; urgency=high
+
+ * Fix the following security vulnerabilities: (Closes: #767979)
+ * CVE-2014-8321 - GPS stack overflow.
+ * CVE-2014-8322 - tcp_test stack overflow.
+ * CVE-2014-8323 - buddy-ng missing checkin data format.
+ * CVE-2014-8324 - net_get missing check for invalid values.
+ * Add missing dh-python package to Build-Depends.
+
+ -- Carlos Alberto Lopez Perez <[email protected]> Tue, 11 Nov 2014 23:41:52
+0100
+
aircrack-ng (1:1.2-0~beta3-1) unstable; urgency=low
* New upstream release.
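Review bot: In the CVE-2014-8323 entry, "missing checkin data format" reads like a typo for "missing check in data format". The patch it refers to (006-CVE-2014-8323.diff) adds a length check in buddy-ng, so wording such as "buddy-ng missing length check on received data" would describe the fix more accurately for anyone reading the changelog alone.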
diff -Nru aircrack-ng-1.2-0~beta3/debian/control
aircrack-ng-1.2-0~beta3/debian/control
--- aircrack-ng-1.2-0~beta3/debian/control 2014-05-30 18:39:20.000000000
+0200
+++ aircrack-ng-1.2-0~beta3/debian/control 2014-11-12 00:15:54.000000000
+0100
@@ -5,6 +5,7 @@
Homepage: http://www.aircrack-ng.org/
Build-Depends:
debhelper (>= 9),
+ dh-python,
libgcrypt20-dev | libgcrypt11-dev,
libnl-genl-3-dev [linux-any],
libpcap0.8-dev,
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff
aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff
1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff
2014-11-11 23:52:09.000000000 +0100
@@ -0,0 +1,26 @@
+From ff70494dd389ba570dbdbf36f217c28d4381c6b5 Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <[email protected]>
+Date: Fri, 3 Oct 2014 01:51:21 +0000
+Subject: [PATCH] Airodump-ng: Fixed GPS stack overflow (Closes #13 on GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2416
28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/airodump-ng.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/airodump-ng.c b/src/airodump-ng.c
+index 6cec912..222492c 100644
+--- a/src/airodump-ng.c
++++ b/src/airodump-ng.c
+@@ -4497,7 +4497,7 @@ void gps_tracker( void )
+ }
+
+ // New version, JSON
+- if( recv( gpsd_sock, line + pos, sizeof( line ) - 1, 0 ) <= 0 )
++ if( recv( gpsd_sock, line + pos, sizeof( line ) - pos - 1, 0 )
<= 0 )
+ return;
+
+ // search for TPV class: {"class":"TPV"
+--
+2.0.0.rc2
+
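Review bot: The new bound `sizeof( line ) - pos - 1` is evaluated as an unsigned size, so if `pos` can ever exceed `sizeof( line ) - 1` the subtraction wraps to a very large length instead of going negative, and the `recv()` is unbounded again. Nothing in this hunk shows `pos` being capped before the call. An explicit guard ahead of the `recv()` (return, or reset the buffer, when `pos >= sizeof( line ) - 1`) would make the bound hold regardless of how `pos` is maintained elsewhere in `gps_tracker()`.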
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff
aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff
1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff
2014-11-11 23:52:57.000000000 +0100
@@ -0,0 +1,27 @@
+From 091b153f294b9b695b0b2831e65936438b550d7b Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <[email protected]>
+Date: Fri, 3 Oct 2014 01:53:50 +0000
+Subject: [PATCH] Aireplay-ng: Fixed tcp_test stack overflow (Closes #14 on
+ GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2417
28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/aireplay-ng.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/aireplay-ng.c b/src/aireplay-ng.c
+index 7335442..b397015 100644
+--- a/src/aireplay-ng.c
++++ b/src/aireplay-ng.c
+@@ -5398,6 +5398,8 @@ int tcp_test(const char* ip_str, const short port)
+ if( (unsigned)caplen == sizeof(nh))
+ {
+ len = ntohl(nh.nh_len);
++ if (len > 1024 || len < 0)
++ continue;
+ if( nh.nh_type == 1 && i==0 )
+ {
+ i=1;
+--
+2.0.0.rc2
+
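Review bot: The limit in `if (len > 1024 || len < 0)` is a bare literal, and the buffer that later receives `len` bytes is not visible in this hunk, so the two can drift apart. Tie the bound to that buffer with `sizeof` or a shared constant. Note also that `ntohl()` returns an unsigned 32-bit value, so the `len < 0` half only has an effect if `len` is a signed type; a short comment saying so would help. It is also worth deciding whether `continue` is the right reaction to a peer that has already sent an invalid header, as opposed to ending the test with an error.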
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff
aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff
1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff
2014-11-11 23:53:42.000000000 +0100
@@ -0,0 +1,26 @@
+From da087238963c1239fdabd47dc1b65279605aca70 Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <[email protected]>
+Date: Fri, 3 Oct 2014 01:58:02 +0000
+Subject: [PATCH] Buddy-ng: Fixed segmentation fault (Closes #15 on GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2418
28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/buddy-ng.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/buddy-ng.c b/src/buddy-ng.c
+index 8a7927c..8da8996 100644
+--- a/src/buddy-ng.c
++++ b/src/buddy-ng.c
+@@ -83,6 +83,8 @@ int handle(int s, unsigned char* data, int len, struct
sockaddr_in *s_in)
+ *cmd++ = htons(S_CMD_PACKET);
+ *cmd++ = *pid;
+ plen = len - 2;
++ if (plen < 0)
++ return 0;
+
+ last_id = ntohs(*pid);
+ if (last_id > 20000)
+--
+2.0.0.rc2
+
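Review bot: The `plen < 0` check sits after `*cmd++ = *pid;`, so `pid` has already been dereferenced by the time a too-short packet is rejected. If `pid` points into `data`, a packet with `len < 2` is still read past its end before the new `return 0` is reached. Move the length test above the first use of `*pid` (testing `len < 2` directly is clearer than computing `plen` and checking its sign), and document what a return value of 0 means to the caller for a dropped packet.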
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff
aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff
--- aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff
1970-01-01 01:00:00.000000000 +0100
+++ aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff
2014-11-11 23:54:55.000000000 +0100
@@ -0,0 +1,27 @@
+From 88702a3ce4c28a973bf69023cd0312f412f6193e Mon Sep 17 00:00:00 2001
+From: Thomas d'Otreppe <[email protected]>
+Date: Fri, 3 Oct 2014 02:00:34 +0000
+Subject: [PATCH] OSdep: Fixed segmentation fault that happens with a malicious
+ server sending a negative length (Closes #16 on GitHub).
+
+git-svn-id: http://svn.aircrack-ng.org/trunk@2419
28c6078b-6c39-48e3-add9-af49d547ecab
+---
+ src/osdep/network.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/osdep/network.c b/src/osdep/network.c
+index 4f0f8b2..4ebfaf4 100644
+--- a/src/osdep/network.c
++++ b/src/osdep/network.c
+@@ -131,7 +131,7 @@ int net_get(int s, void *arg, int *len)
+ if (!(plen <= *len))
+ printf("PLEN %d type %d len %d\n",
+ plen, nh.nh_type, *len);
+- assert(plen <= *len); /* XXX */
++ assert(plen <= *len && plen > 0); /* XXX */
+
+ *len = plen;
+ if ((*len) && (net_read_exact(s, arg, *len) == -1))
+--
+2.0.0.rc2
+
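Review bot: Validation of a length supplied by the remote side is still done with `assert()` in `net_get()`. That check disappears when the code is built with NDEBUG, and when it is active a bad value aborts the whole process, so a hostile server can still terminate the client. The added `plen > 0` also rejects zero, while the following line `if ((*len) && (net_read_exact(s, arg, *len) == -1))` explicitly handles a zero length, so empty messages that used to pass now trip the assertion. Prefer an ordinary runtime check that returns an error, for example `if (plen < 0 || plen > *len) return -1;`, and drop the `/* XXX */` once the check is real.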
diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/series
aircrack-ng-1.2-0~beta3/debian/patches/series
--- aircrack-ng-1.2-0~beta3/debian/patches/series 2014-05-20
20:31:44.000000000 +0200
+++ aircrack-ng-1.2-0~beta3/debian/patches/series 2014-11-11
23:59:00.000000000 +0100
@@ -2,3 +2,7 @@
001-Airodump_whitespace_oui.diff
002-fix-libnl-detection.diff
003-dont-abort-libnl-nolinux.diff
+004-CVE-2014-8321.diff
+005-CVE-2014-8322.diff
+006-CVE-2014-8323.diff
+007-CVE-2014-8324.diff
--- End Message ---
--- Begin Message ---
On Wed, Nov 12, 2014 at 19:23:35 +0100, Carlos Alberto Lopez Perez wrote:
> Please unblock aircrack-ng/1:1.2-0~beta3-3
That code doesn't inspire any sort of confidence... Unblocked.
Cheers,
Julien
--- End Message ---