Hello community, here is the log from the commit of package nut for openSUSE:Factory checked in at 2012-08-22 12:14:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nut (Old) and /work/SRC/openSUSE:Factory/.nut.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nut", Maintainer is "sbra...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/nut/nut.changes 2012-06-01 07:22:02.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nut.new/nut.changes 2012-08-22 12:14:35.000000000 +0200 @@ -1,0 +2,5 @@ +Thu May 31 17:36:17 CEST 2012 - sbra...@suse.cz + +- Fix random network data crash (bnc#764699, CVE-2012-2944). + +------------------------------------------------------------------- New: ---- nut-CVE-2012-2944.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nut.spec ++++++ --- /var/tmp/diff_new_pack.3mrqRX/_old 2012-08-22 12:14:39.000000000 +0200 +++ /var/tmp/diff_new_pack.3mrqRX/_new 2012-08-22 12:14:39.000000000 +0200 @@ -61,6 +61,8 @@ Patch3: nut-notifyflag.patch Patch4: nut-powersave.patch Patch6: nut-udev.patch +# PATCH-FIX-SECURITY nut-CVE-2012-2944.patch bnc764699 CVE-2012-2944 sbra...@suse.cz -- Fix random data crash. +Patch7: nut-CVE-2012-2944.patch Provides: smartups = %version Obsoletes: smartups < %version Conflicts: apcupsd 
@@ -189,6 +191,7 @@ sed -i 's:/usr/lib/pm-utils/functions:/etc/pm/functions:' nut.sleep %endif sed -i s:/usr/local/ups/bin:/bin: conf/upssched.conf.sample.in +%patch7 -p2 [ -f docs/nut-qa.txt ] dos2unix docs/nut-qa.txt ++++++ nut-CVE-2012-2944.patch ++++++ Timestamp: 05/29/12 18:19:38 Author: aquette Message: Fix CVE-2012-2944: upsd can be remotely crashed NUT server (upsd), from versions 2.4.0 to 2.6.3, are exposed to crashes when receiving random data from the network. This issue is related to the way NUT parses characters, especially from the network. Non printable characters were missed from strings operation (such as strlen), but still copied to the buffer, causing an overflow. Thus, fix NUT parser, to only allow the subset Ascii charset from Space to ~ (Reported by Sebastian Pohle, Alioth bug #313636, CVE-2012-2944) Index: /trunk/common/parseconf.c =================================================================== --- /trunk/common/parseconf.c (revision 3487) +++ /trunk/common/parseconf.c (revision 3633) @@ -171,4 +171,11 @@ wbuflen = strlen(ctx->wordbuf); + + /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */ + if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) { + fprintf(stderr, "addchar: discarding invalid character (0x%02x)!\n", + ctx->ch); + return; + } if (ctx->wordlen_limit != 0) {
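Review bot: In the nut.spec hunk that adds Patch7, the tag comment does not record where the fix comes from. The patch header shows it is the upstream change to /trunk/common/parseconf.c (revision 3487 to 3633, Alioth bug #313636); adding that revision and bug number to the comment would let a later packager see that the patch can be dropped once the package moves to a release that already contains it.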
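Review bot: In the parseconf.c hunk the upper bound does not match its own comment: `ctx->ch > 0x7f` still accepts 0x7f (DEL), while the comment and the commit message say the allowed range ends at ~ (0x7e). Use `ctx->ch > 0x7e` if DEL is meant to be rejected, or update the comment if it is meant to pass. The visible lines do not show the type of `ctx->ch`; if it is a plain signed char, bytes 0x80 and above are rejected by the `< 0x20` branch rather than the upper bound, and `%02x` will print them sign-extended, so casting to unsigned char in the fprintf argument would keep the message readable. The message is also emitted once per discarded byte, so input made up mostly of non-printable bytes produces one stderr line per byte; logging once per word or per line would keep the output bounded.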