Bug#: 152758
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Tavis Ormandy (RETIRED) <taviso@gentoo.org>

Bug 152758 depends on: 153127


Description:   Opened: 2006-10-25 02:02 0000
According to the ChangeLog:

 Changes in beta release 2.5.17 (19-Jul-2006)
 * Bug Fixes:
    - Fixed tempfile vulnerabilities in FvwmCommand.

2.5.18 is in the tree, and should be ready for stabilisation.

------- Comment #1 From Tavis Ormandy (RETIRED) 2006-10-25 02:04:25 0000 -------
target keywords

KEYWORDS="alpha amd64 ia64 ppc ppc64 sparc x86"

arches, please test and mark stable.

------- Comment #2 From Raúl Porcel 2006-10-25 03:44:48 0000 -------
In x86:

Works and compiles fine.

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.12.5
Last Sync: Wed, 25 Oct 2006 07:50:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe
-fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon-tbird -mtune=athlon-tbird  -O2 -pipe
-fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer sandbox
sfperms strict"
GENTOO_MIRRORS="ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ "
LINGUAS=""
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.belnet.be/packages/gentoo-portage"
USE="x86 X bitmap-fonts bzip2 cairo cdr cli cracklib crypt dbus dlloader dri
dvd dvdr eds elibc_glibc emboss encode fam firefox fortran gif gpm gstreamer
gtk hal input_devices_evdev input_devices_keyboard input_devices_mouse isdnlog
jpeg kernel_linux ldap libg++ mad mikmod mp3 mpeg ncurses nptl nptlonly ogg
opengl pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection
sdl session spell spl ssl tcpd truetype truetype-fonts type1-fonts udev unicode
userland_GNU video_cards_vesa vorbis win32codecs xml xorg xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS,
MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #3 From Gustavo Zacarias (RETIRED) 2006-10-25 07:38:24 0000 -------
sparc stable.

------- Comment #4 From Dimitry Bradt (RETIRED) 2006-10-25 09:53:36 0000 -------
x86:

1) emerges fine
2) passes collision test
3) works

Portage 2.1.2_pre3-r8 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.4-r4,
2.6.18-gentoo-r1 i686)
=================================================================
System uname: 2.6.18-gentoo-r1 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz
Gentoo Base System version 1.12.5
Last Sync: Tue, 24 Oct 2006 22:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config
/usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/lib/mozilla/defaults/pref /usr/share/X11/xkb
/usr/share/config /usr/share/texmf/dvipdfm/config/
/usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/
/usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
DISTDIR="/mnt/nfs/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer sandbox
sfperms strict"
GENTOO_MIRRORS="http://search.belnet.be/packages/gentoo/"
LC_ALL="nl_BE.UTF-8"
LINGUAS="en_GB nl"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/mnt/series/tmp/"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/repodoc-overlay"
SYNC="rsync://rsync5.nl.gentoo.org/gentoo-portage"
USE="x86 16bit S3TC X X509 aac aalib acl acpi activefilter alsa ansi apm arts
artworkextra audiofile avantgo bash-completion bcmath bdf bidi bitmap-fonts
blender-game bluetooth bzip2 bzlib cap cdda cddb cdinstall cdparanoia cdrom cgi
chroot cjk clanJavaScript clanVoice cli client code cracklib crypt csope cups
curl dba dlloader dri dts dv dvb dvd dvdread eds elibc_glibc emboss encode esd
fat firefox foomaticdb fortran gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2
hal imap imlib input_devices_keyboard input_devices_mouse ipv6 isdnlog ithreads
java jpeg jython kadu-modules kadu-voice kakasi kde kdeenablefinal kernel_linux
latex lcms leim libclamav libdsk libg++ libgd libgda libsamplerate libwww
linguas_en_GB linguas_nl lirc lirc_devices_pctv lirc_devices_pinsys live lua
lufsusermount lzo lzw lzw-tiff m17n-lib mad maildir matroska matrox mcal
memlimit migemo mikmod mime mine mixer mjpeg mls mmap mmx mng monkey motif
mozcalendar mozdevelop mozilla mozp3p mozsvg mozxmlterm mp3 mpeg mpeg4 mpi
mplayer msn mule music mythtv nagios-dns nagios-ntp nagios-ping nagios-ssh
native ncurses net netcdf network neural nis nls nowin nptl nptlonly nsplugin
ntfs ntlm nvidia nviz oav objc ocaml offensive ofx ogg openal opengl opie oscar
ospfapi oss pam parse-clocks pcap pcntl pcre pdf perl pg-hier pg-intdatetime
pg-vacuumdelay pic plotutils png portaudio posix povray ppds pppd pri print
procmail pthreads python qt3 qt4 quicktime quotas quotes readline real
reflection reiser4 reiserfs resperl rhino rplay samba scanner screen sdl
servlet-2.3 servlet-2.4 session sftplogging silc simplexml skins skk slp smime
sndfile snortsam sockets socks5 softquota sox spell spl sse sse2 ssl
stencil-buffer stream stroke struts svg sysvipc szip t1lib tcpd tcsim tga
theora threads tidy tiff transcode truetype truetype-fonts type1-fonts udev uim
underscores unicode usb userland_GNU v4l v4l2 vcd vda vhosts video_cards_nv
video_cards_nvidia video_cards_vesa videos virus-scan vorbis wddx win32codecs
winbind wmf wxwindows xanim xatrix xchatdccserver xchattext xemacs xface
xgetdefault xine xinerama xml xml2 xmlrpc xorg xosd xpm xprint xrandr
xscreensaver xsl xv xvid xvmc yahoo yaz yp yv12 zaptel zeo zlib zvbi"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #5 From Markus Meier 2006-10-25 12:08:26 0000 -------
1. emerges on x86
2. passes collision test

x11-wm/fvwm-2.5.18  USE="gtk nls perl png readline truetype xinerama -bidi
-debug -imlib -rplay -stroke -tk"

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17.13 i686)
=================================================================
System uname: 2.6.17.13 i686 AMD Athlon(TM) XP1800+
Gentoo Base System version 1.12.5
Last Sync: Wed, 25 Oct 2006 16:50:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages
metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv
usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac acpi alsa apache2 bash-completion berkdb
bitmap-fonts bzip2 cairo cdr cli cracklib crypt css cups dbus divx4linux
dlloader dri dts dvd dvdr dvdread elibc_glibc emboss exif fam ffmpeg firefox
font-server fortran gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal
input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde
kernel_linux ldap libclamav libg++ linguas_de linguas_en linguas_en_GB
logitech-mouse mad mikmod mmx mmxext mono mozcalendar mozdevelop mozsvg mp3
mpeg ncurses network nls nptl nptlonly nvidia oav ogg opengl oss pam pcre perl
png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl
seamonkey session spell spl ssl tcltk tcpd test tetex tiff truetype
truetype-fonts type1-fonts udev unicode usb userland_GNU vcd video_cards_none
video_cards_nv vorbis win32codecs xine xinerama xml xorg xorg-x11 xprint xv xvg
xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #6 From Christian Faulhammer 2006-10-26 01:47:23 0000 -------
[ebuild  N    ] x11-wm/fvwm-2.5.18  USE="bidi gtk nls perl png readline
truetype -debug -imlib -rplay -stroke -tk -xinerama"

1) emerges fine so far
2) passes collision test
3) works

Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3,
2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.5
Last Sync: Thu, 26 Oct 2006 05:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 aiglx alsa artworkextra asf audiofile
bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo
cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus
dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc
emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp
gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick
imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript
jikes jpeg jpeg2k kde kernel_linux ldap leim libg++ linguas_de lm_sensors mad
maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule
mysql nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc
ogg opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print
python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang
spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff
truetype truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev
video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows
xine xml xorg xosd xv xvid zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #7 From Christian Faulhammer 2006-10-28 03:05:09 0000 -------
For USE="perl tk" dev-perl/X11-Protocol-0.56 is pulled in, which isn't stable
on all arches.  See dependency.

------- Comment #8 From Christian Faulhammer 2006-10-28 06:17:07 0000 -------
x86 happy now

------- Comment #9 From Tobias Scherbaum 2006-10-28 08:40:16 0000 -------
ppc stable

------- Comment #10 From Thomas Cort (RETIRED) 2006-10-29 07:58:05 0000 -------
stable on alpha and amd64.

------- Comment #11 From Bryan Østergaard (RETIRED) 2006-10-29 11:36:32 0000 -------
ia64 done.

------- Comment #12 From Raphael Marichez 2006-10-29 15:05:36 0000 -------
Hi,
the changelog is not really verbose on that vulnerability... does someone have any news?

I think it's probably something like an insecure tempfile creation, but who knows?

------- Comment #13 From Viktor Griph 2006-10-31 08:17:12 0000 -------
(In reply to comment #12)
> Hi,
> the changelog is not really verbose on that vulnerability... does someone have any news?
> 
> I think it's probably something like an insecure tempfile creation, but who knows?
> 

See http://www.mail-archive.com/fvwm-workers@lists.math.uh.edu/msg15233.html

------- Comment #14 From Raphael Marichez 2006-11-03 05:53:52 0000 -------
Thanks Viktor.

ppc64, have you got a problem here?

------- Comment #15 From Brent Baude 2006-11-04 19:39:41 0000 -------
marked ppc64 stable

------- Comment #16 From Raphael Marichez 2006-11-06 01:39:58 0000 -------
Time to vote (insecure creation of temporary files), I vote noglsa

------- Comment #17 From Wolf Giesen (RETIRED) 2006-11-06 02:55:25 0000 -------
Another no.

------- Comment #18 From Tavis Ormandy (RETIRED) 2006-11-06 03:19:30 0000 -------
no++

------- Comment #19 From Matthias Geerdsen 2006-11-09 14:51:07 0000 -------
closing since we have 3 "no" votes already
