[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate
The Eoan Ermine has reached end of life, so this bug will not be fixed for that release

** Changed in: whoopsie (Ubuntu Eoan)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1882180

Title:
  DoS vulnerability: fail to allocate

Status in whoopsie package in Ubuntu:
  Fix Released
Status in whoopsie source package in Xenial:
  Fix Released
Status in whoopsie source package in Bionic:
  Fix Released
Status in whoopsie source package in Eoan:
  Won't Fix
Status in whoopsie source package in Focal:
  Fix Released
Status in whoopsie source package in Groovy:
  Fix Released

Bug description:
  Hi,

  I have found a security issue in whoopsie 0.2.69 and earlier.

  # Vulnerability description

  In whoopsie 0.2.69 and earlier, there is a denial of service vulnerability in the parse_report function. A crafted input, i.e., a crash report located in '/var/crash/', will lead to a denial of service attack.

  During the parsing of the crash report, the data length is not checked. The value of the data length can be directly controlled by an input file. In the parse_report() function, g_malloc() or g_realloc() is called based on the data length. If we set the value of the data length close to the amount of system memory, it will cause the daemon process to terminate unexpectedly, hang the system, or trigger the OOM killer.

  # PoC

  Please check the below whoopsie_killer2.py

  Sincerely,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1882180/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
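The bug description above (an allocation sized directly from a length field read out of the report file) and the changelog entry "limit the size of a report file" describe one defensive pattern: bound what the parser will read, and check a declared length against both a hard cap and the bytes actually present before any allocation. The C below is an added illustration of that pattern; it is not whoopsie's parse_report() code, not the reporter's PoC, and it does not parse the Apport report format. The [u32 little-endian length][payload] field layout, the 16 MiB cap, the read_capped()/parse_field() helpers and the constructed inputs are all assumptions made for the example.

```c
/* Added example, not whoopsie's code: bounded reading and length-checked
 * parsing, the defensive shape behind "limit the size of a report file". */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hard cap on any single report; an assumed value, not whoopsie's constant. */
#define MAX_REPORT_BYTES (16u * 1024u * 1024u)

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LARGE = 2, PARSE_OOM = 3 };

/* Little-endian 32-bit length prefix (assumed field layout). */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one [u32 length][bytes] field. On PARSE_OK, *out is a heap copy of
 * the payload (caller frees). The declared length is validated against the
 * cap and against the bytes really present BEFORE malloc runs, so a forged
 * length can neither request a huge allocation nor cause an over-read. */
enum parse_status parse_field(const uint8_t *buf, size_t buf_len,
                              uint8_t **out, size_t *out_len) {
    *out = NULL; *out_len = 0;
    if (buf_len < 4) return PARSE_TRUNCATED;
    uint32_t declared = read_le32(buf);
    if (declared > MAX_REPORT_BYTES) return PARSE_TOO_LARGE; /* cap first */
    if (declared > buf_len - 4) return PARSE_TRUNCATED;      /* must fit input */
    uint8_t *copy = malloc(declared ? declared : 1);
    if (!copy) return PARSE_OOM;
    memcpy(copy, buf + 4, declared);
    *out = copy; *out_len = declared;
    return PARSE_OK;
}

/* Read at most `cap` bytes from fp and reject anything larger. The buffer
 * grows with data actually read, never with a size the file claims. */
enum parse_status read_capped(FILE *fp, size_t cap, uint8_t **out, size_t *out_len) {
    size_t used = 0, alloc = 0;
    uint8_t *buf = NULL, chunk[4096];
    *out = NULL; *out_len = 0;
    for (;;) {
        size_t n = fread(chunk, 1, sizeof chunk, fp);
        if (n == 0) break;
        if (n > cap - used) { free(buf); return PARSE_TOO_LARGE; }
        if (used + n > alloc) {
            size_t want = alloc ? alloc * 2 : sizeof chunk;
            while (want < used + n) want *= 2;
            if (want > cap) want = cap;          /* never allocate past the cap */
            uint8_t *grown = realloc(buf, want);
            if (!grown) { free(buf); return PARSE_OOM; }
            buf = grown; alloc = want;
        }
        memcpy(buf + used, chunk, n);
        used += n;
    }
    *out = buf; *out_len = used;
    return PARSE_OK;
}

/* Self-checks over constructed inputs (values are returned, not printed). */
int forged_field_status(void) {
    const uint8_t forged[] = { 0xF0, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c' }; /* claims ~4 GiB */
    uint8_t *p; size_t n;
    return parse_field(forged, sizeof forged, &p, &n);
}
int truncated_field_status(void) {
    const uint8_t trunc[] = { 16, 0, 0, 0, 'a', 'b' }; /* claims 16 bytes, carries 2 */
    uint8_t *p; size_t n;
    return parse_field(trunc, sizeof trunc, &p, &n);
}
size_t good_field_len(void) {
    const uint8_t good[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
    uint8_t *p = NULL; size_t n = 0;
    if (parse_field(good, sizeof good, &p, &n) != PARSE_OK) return (size_t)-1;
    free(p);
    return n;
}
/* Writes file_bytes of filler to a temp file and reads it back under `cap`. */
int capped_read_status(size_t file_bytes, size_t cap) {
    FILE *fp = tmpfile();
    if (!fp) return -1;
    for (size_t i = 0; i < file_bytes; i++) fputc('x', fp);
    rewind(fp);
    uint8_t *out; size_t len;
    int st = read_capped(fp, cap, &out, &len);
    if (st == PARSE_OK) free(out);
    fclose(fp);
    return st;
}

int main(void) {
    printf("forged field: status %d (2 = too large)\n", forged_field_status());
    printf("5000-byte file under 4096 cap: status %d\n", capped_read_status(5000, 4096));
    return 0;
}
```

The ordering of the two checks in parse_field() is the point: the cap comparison happens on the untrusted integer alone, so no allocation is ever sized by the file's claim, and the remaining-bytes comparison stops a short file from driving an over-read even when the claim is under the cap.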
[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate
This bug was fixed in the package whoopsie - 0.2.71

---
whoopsie (0.2.71) groovy; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Brian Murray  Wed, 05 Aug 2020 15:00:45 -0700

** Changed in: whoopsie (Ubuntu Groovy)
       Status: Confirmed => Fix Released

Status in whoopsie package in Ubuntu: Fix Released
Status in whoopsie source package in Xenial: Fix Released
Status in whoopsie source package in Bionic: Fix Released
Status in whoopsie source package in Eoan: Confirmed
Status in whoopsie source package in Focal: Fix Released
Status in whoopsie source package in Groovy: Fix Released
[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate
This bug was fixed in the package whoopsie - 0.2.62ubuntu0.5

---
whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers  Fri, 24 Jul 2020 08:55:26 -0400

** Changed in: whoopsie (Ubuntu Bionic)
       Status: Confirmed => Fix Released

Status in whoopsie package in Ubuntu: Confirmed
Status in whoopsie source package in Xenial: Fix Released
Status in whoopsie source package in Bionic: Fix Released
Status in whoopsie source package in Eoan: Confirmed
Status in whoopsie source package in Focal: Fix Released
Status in whoopsie source package in Groovy: Confirmed
[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate
This bug was fixed in the package whoopsie - 0.2.69ubuntu0.1

---
whoopsie (0.2.69ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers  Fri, 24 Jul 2020 08:55:26 -0400

** Changed in: whoopsie (Ubuntu Focal)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11937

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12135

** Changed in: whoopsie (Ubuntu Xenial)
       Status: Confirmed => Fix Released

Status in whoopsie package in Ubuntu: Confirmed
Status in whoopsie source package in Xenial: Fix Released
Status in whoopsie source package in Bionic: Fix Released
Status in whoopsie source package in Eoan: Confirmed
Status in whoopsie source package in Focal: Fix Released
Status in whoopsie source package in Groovy: Confirmed
[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate
This bug was fixed in the package whoopsie - 0.2.52.5ubuntu0.5

---
whoopsie (0.2.52.5ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers  Fri, 24 Jul 2020 08:55:26 -0400

Status in whoopsie package in Ubuntu: Confirmed
Status in whoopsie source package in Xenial: Fix Released
Status in whoopsie source package in Bionic: Fix Released
Status in whoopsie source package in Eoan: Confirmed
Status in whoopsie source package in Focal: Fix Released
Status in whoopsie source package in Groovy: Confirmed
[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate
Looks like this is CVE-2020-15570

** Changed in: whoopsie (Ubuntu Xenial)
     Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur)

** Changed in: whoopsie (Ubuntu Bionic)
     Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur)

** Changed in: whoopsie (Ubuntu Eoan)
     Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur)

** Changed in: whoopsie (Ubuntu Focal)
     Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur)

** Changed in: whoopsie (Ubuntu Groovy)
     Assignee: Alex Murray (alexmurray) => Marc Deslauriers (mdeslaur)

** Information type changed from Private Security to Public Security

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15570

Status in whoopsie package in Ubuntu: Confirmed
Status in whoopsie source package in Xenial: Confirmed
Status in whoopsie source package in Bionic: Confirmed
Status in whoopsie source package in Eoan: Confirmed
Status in whoopsie source package in Focal: Confirmed
Status in whoopsie source package in Groovy: Confirmed
[Touch-packages] [Bug 1882180] Re: DoS vulnerability: fail to allocate
https://github.com/sungjungk/whoopsie_killer2

Status in whoopsie package in Ubuntu: Confirmed
Status in whoopsie source package in Xenial: Confirmed
Status in whoopsie source package in Bionic: Confirmed
Status in whoopsie source package in Eoan: Confirmed
Status in whoopsie source package in Focal: Confirmed
Status in whoopsie source package in Groovy: Confirmed