https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29672 says: IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479 Reproducible: Didn't try
Created attachment 705960 [details] Ebuild I created this ebuild in my local overlay (taking /usr/portage/app-backup/tsm/tsm-8.1.6.0-r1.ebuild as model) and installed it on my servers. On my first build I got the warning: * QA Notice: Unresolved soname dependencies: * * /opt/tivoli/tsm/tdpvmware/common/jre/jre/lib/amd64/libawt_xawt.so: libXft.so.2 * /opt/tivoli/tsm/tdpvmware/common/jre/jre/lib/amd64/libjsoundalsa.so: libasound.so.2 * The /opt/tivoli/tsm/tdpvmware/ contains the "Tivoli Storage FlashCopy Manager for VMware". As I don't use vmware I added the "tdpvmware" USE flag to omit this part. Since two days I run this on my servers and the scheduled backups work flawlessly.
Please bump.
Package list is empty or all packages have requested keywords.
Created attachment 758980 [details] updated Ebuild (minor fixes) Note that with this Ebuild some parts of the installion are broken. But that doesn't bother me because I only use the dsmc and the dsmj binary which work for me.
I think I should concretize this > Note that with this Ebuild some parts of the installion are broken. There are binaries and .so files with unresolved soname dependencies.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11629c2e66238b3bf753201af27c3147e3ab5cc9 commit 11629c2e66238b3bf753201af27c3147e3ab5cc9 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2022-01-19 21:48:28 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2022-01-19 21:48:49 +0000 app-backup/tsm: Version (and EAPI) bump Bug: https://bugs.gentoo.org/829189 Bug: https://bugs.gentoo.org/788115 Bug: https://bugs.gentoo.org/831509 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> app-backup/tsm/Manifest | 1 + app-backup/tsm/tsm-8.1.13.3.ebuild | 244 +++++++++++++++++++++++++++++++++++++ 2 files changed, 245 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19615ea1114f61342dcd610a4bedd9e9874b6c16 commit 19615ea1114f61342dcd610a4bedd9e9874b6c16 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2022-01-26 15:01:13 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2022-01-26 15:01:27 +0000 app-backup/tsm: Remove old Bug: https://bugs.gentoo.org/831509 Bug: https://bugs.gentoo.org/829189 Bug: https://bugs.gentoo.org/788115 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> app-backup/tsm/Manifest | 1 - app-backup/tsm/tsm-8.1.6.0-r2.ebuild | 243 ----------------------------------- 2 files changed, 244 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5279a8876e6339a00122fd648893ecfd6bfc9de4 commit 5279a8876e6339a00122fd648893ecfd6bfc9de4 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2022-01-26 15:00:36 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2022-01-26 15:01:24 +0000 app-backup/tsm: stable 8.1.13.3 for amd64 Bug: https://bugs.gentoo.org/831509 Bug: https://bugs.gentoo.org/829189 Bug: https://bugs.gentoo.org/788115 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> app-backup/tsm/tsm-8.1.13.3.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=fe3e07b9e738d35142f3a5ca93fd91da657936e6 commit fe3e07b9e738d35142f3a5ca93fd91da657936e6 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-07 02:52:10 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-07 02:58:06 +0000 [ GLSA 202209-02 ] IBM Spectrum Protect: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/788115 Bug: https://bugs.gentoo.org/829189 Bug: https://bugs.gentoo.org/831509 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-02.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+)
GLSA released, all done!
