On 16.03.2015 11:20, Raphael Hertzog wrote:
Hello Gerrit,
the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of checkpw:
https://security-tracker.debian.org/tracker/CVE-2015-0885
Hi,
I have prepared and tested a fix for squeeze.
Salvatore Bonaccorso's fix for Wheezy can also be applied to the version
in Squeeze. I have tested the fix by following the steps outlined in [1]
and can confirm that it solves the issue.
Please find attached a debdiff for review to this e-mail.
Regards,
Markus
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780139#16
diff -u checkpw-1.02/debian/changelog checkpw-1.02/debian/changelog
--- checkpw-1.02/debian/changelog
+++ checkpw-1.02/debian/changelog
@@ -1,3 +1,10 @@
+checkpw (1.02-1+deb6u1) squeeze; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2015-0885: Fix denial of service via -- in usernames (Closes: #780139)
+
+ -- Markus Koschany a...@gambaru.de Mon, 30 Mar 2015 14:02:06 +0200
+
checkpw (1.02-1) unstable; urgency=low
* new upstream point release.
only in patch2:
unchanged:
--- checkpw-1.02.orig/debian/diff/CVE-2015-0885.diff
+++ checkpw-1.02/debian/diff/CVE-2015-0885.diff
@@ -0,0 +1,24 @@
+--- checkpw-1.02.orig/checkapoppw.c
checkpw-1.02/checkapoppw.c
+@@ -85,7 +85,7 @@
+ pw = getpwnam(login);
+ if (pw) break;
+ if (errno == error_txtbsy) die(111);
+-for (; ext != login *ext != '-'; --ext);
++do {--ext;} while (ext != login *ext != '-');
+ if (ext == login) die(1);
+ if (i) login[i] = '-';
+ i = ext - login;
+only in patch2:
+unchanged:
+--- checkpw-1.02.orig/checkpw.c
checkpw-1.02/checkpw.c
+@@ -71,7 +71,7 @@
+ pw = getpwnam(login);
+ if (pw) break;
+ if (errno == error_txtbsy) die(111);
+-for (; ext != login *ext != '-'; --ext);
++do {--ext;} while (ext != login *ext != '-');
+ if (ext == login) die(1);
+ if (i) login[i] = '-';
+ i = ext - login;
signature.asc
Description: OpenPGP digital signature