Hello community,
here is the log from the commit of package nut for openSUSE:Factory checked in
at 2012-08-22 12:14:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nut (Old)
and /work/SRC/openSUSE:Factory/.nut.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nut", Maintainer is "sbra...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/nut/nut.changes 2012-06-01 07:22:02.000000000
+0200
+++ /work/SRC/openSUSE:Factory/.nut.new/nut.changes 2012-08-22
12:14:35.000000000 +0200
@@ -1,0 +2,5 @@
+Thu May 31 17:36:17 CEST 2012 - sbra...@suse.cz
+
+- Fix random network data crash (bnc#764699, CVE-2012-2944).
+
+-------------------------------------------------------------------
New:
----
nut-CVE-2012-2944.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nut.spec ++++++
--- /var/tmp/diff_new_pack.3mrqRX/_old 2012-08-22 12:14:39.000000000 +0200
+++ /var/tmp/diff_new_pack.3mrqRX/_new 2012-08-22 12:14:39.000000000 +0200
@@ -61,6 +61,8 @@
Patch3: nut-notifyflag.patch
Patch4: nut-powersave.patch
Patch6: nut-udev.patch
+# PATCH-FIX-SECURITY nut-CVE-2012-2944.patch bnc764699 CVE-2012-2944
sbra...@suse.cz -- Fix random data crash.
+Patch7: nut-CVE-2012-2944.patch
Provides: smartups = %version
Obsoletes: smartups < %version
Conflicts: apcupsd
@@ -189,6 +191,7 @@
sed -i 's:/usr/lib/pm-utils/functions:/etc/pm/functions:' nut.sleep
%endif
sed -i s:/usr/local/ups/bin:/bin: conf/upssched.conf.sample.in
+%patch7 -p2
[ -f docs/nut-qa.txt ]
dos2unix docs/nut-qa.txt
++++++ nut-CVE-2012-2944.patch ++++++
Timestamp:
05/29/12 18:19:38
Author:
aquette
Message:
Fix CVE-2012-2944: upsd can be remotely crashed
NUT server (upsd), from versions 2.4.0 to 2.6.3, are exposed to
crashes when receiving random data from the network.
This issue is related to the way NUT parses characters, especially
from the network. Non printable characters were missed from strings
operation (such as strlen), but still copied to the buffer, causing
an overflow.
Thus, fix NUT parser, to only allow the subset Ascii charset from
Space to ~
(Reported by Sebastian Pohle, Alioth bug #313636, CVE-2012-2944)
Index: /trunk/common/parseconf.c
===================================================================
--- /trunk/common/parseconf.c (revision 3487)
+++ /trunk/common/parseconf.c (revision 3633)
@@ -171,4 +171,11 @@
wbuflen = strlen(ctx->wordbuf);
+
+ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~ */
+ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
+ fprintf(stderr, "addchar: discarding invalid character
(0x%02x)!\n",
+ ctx->ch);
+ return;
+ }
if (ctx->wordlen_limit != 0) {
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
