| Summary: | pwlib < 1.6.0: multiple vulnerabilities allow remote DoS attacks and possibly execution of arbitrary code | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | schaedpq |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | gnome, stkn |
| Priority: | High | Flags: | klieber: Assigned_To+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.postincrement.com/openh323/nissc_vulnerabilty.html | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
schaedpq
2004-03-26 15:58:27 UTC
stkn, can we go stable with pwlib-1.6.3?

I have a problem with pwlib-1.6.3-r1 (Arch: x86) in combination with openh323-1.13.2-r1 and openh323-1.12.2-r2. In both cases I get an error message when using simph323 to call someone:

Could not open sound device VIA 8233 - Check permissions or full duplex capability.
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
ALSA lib pcm_hw.c:1055:(snd_pcm_hw_open) open /dev/snd/pcmC0D0c failed: Device or resource busy
Could not open sound device VIA 8233 - Check permissions or full duplex capability.
In call with ISDN gateway [192.168.202.10]

Then the connection is established, but neither I nor the called person hears anything. Of course I checked permissions (they are OK) and whether some other process is using /dev/snd/pcmC0D0c; this is not the case. If I uninstall pwlib-1.6.3-r1 and reinstall pwlib-1.5.2-r2 (with openh323-1.12.2-r2) I have no problems and it works like before the update. So I believe the cause of this problem must be somewhere in pwlib, because everything works when downgrading to pwlib-1.5.2-r2 and keeping the same version of openh323 (openh323-1.12.2-r2).

looks like simph323 is trying to use full-duplex and your sound card doesn't support it, does gnomemeeting work for you?

I am not sure about that. I'm quite confident that the vt8235 has full duplex capabilities. In the past there was also no problem when the two phoning people were speaking and hearing at the same time. If the hardware/ALSA driver did not support full duplex, this should not have been the case, as far as I understand it. And I'm not changing the openh323 version (or simph323 in the openh323 package), I only update/downgrade pwlib (with recompiling the same openh323 version) and have the problem with pwlib-1.6.3 and not with pwlib-1.5.2. I tried to find out what was changed but was quite unsuccessful because I really don't know the pwlib. There were some changes in pwlib/plugins/sound_alsa/sound_alsa.cxx in the 3 months, but I don't know if they are significant. I am not using gnomemeeting, therefore it is not installed on my machine. But I will install and test it this evening after work and keep you informed about that.

back on topic here please stkn, we need to go stable on this.

@ Dominik : this problem does not directly relate to this bug and should've been filed as a new bug. i talked to stkn last night about this, we've decided to apply a patch against 1.5.2 (and then make it stable) for the security vulnerability rather than making pwlib 1.6.3 stable, as the one included with gnomemeeting-1.0 doesn't seem to be endorsed as stable by the openh323 people.

pwlib-1.5.2-r3 is in the tree, please do a little testing so i can mark it stable tomorrow (tuesday)

adding other herds.

AMD64 -- pwlib-1.5.2-r3 has amd64 specific stuff in it (if [ ${ARCH} = "amd64" ] ; then) but no amd64 keywords. plzfix when testing/marking stable.

pwlib-1.5.2-r3 is stable on ppc. Removing from Cc.

Stable, removing amd64 from CC

Stable on sparc.

Aida -- can you draft this GLSA?

GLSA 200404-11 sent.