| Summary: | Kernel: libceph: gracefully handle large reply messages from the mon | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | chutzpah, cluster, dlan, kernel, pacho, security-kernel |
| Priority: | Normal | Keywords: | STABLEREQ |
| Version: | unspecified | Flags: | nattka:
sanity-check-
|
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2014/09/15/4 | ||
| Whiteboard: | B2 [stable/cve] | ||
| Package list: |
=sys-kernel/gentoo-sources-3.4.113
|
Runtime testing required: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 464546, 469854, 512526, 524848, 568212, 579076 | ||
I'm CCing kernel team, since it's a kernel patch... also notice it has already been CCed to stable-kernel mailing list,so guess it will eventually goes to sys-kernel/gentoo-sources-3.14.x? thanks The kernel patch landed in linux-3.17-rc5. It was backported to linux-3.2.64 linux-3.4.105 linux-3.10.55 linux-3.12.29 linux-3.16.3 sys-kernel/gentoo-sources-3.2.x are not available. sys-kernel/gentoo-sources-3.4.x has no stable ebuild containing the fix, =sys-kernel/gentoo-sources-3.4.113 will be stabilized in bug 599526 at the moment. sys-kernel/gentoo-sources-3.10.x has a stable ebuild since >=sys-kernel/gentoo-sources-3.10.61. sys-kernel/gentoo-sources-3.12.x has a stable ebuild since >=sys-kernel/gentoo-sources-3.12.30. sys-kernel/gentoo-sources-3.16.x are not available. @ Arches, test and mark stable: =sys-kernel/gentoo-sources-3.4.113 amd64 stable x86 stable *** Bug 599526 has been marked as a duplicate of this bug. *** Keywords for sys-kernel/gentoo-sources:
| a a a h i p p s x m a m n r s s | e u s | r
| l m r p a p p p 8 i r 6 i i 3 h | a n l | e
| p d m p 6 c c a 6 p m 8 o s 9 | p u o | p
| h 6 a 4 6 r s 6 k s c 0 | i s t | o
| a 4 4 c 4 2 v | e |
| | d |
-------------+---------------------------------+-----------------+-------
3.4.113 | + + ~ ~ ~ ~ ~ ~ + o o o o o ~ ~ | 5 o 3.4.113 | gentoo
-------------+---------------------------------+-----------------+-------
3.4.113-r1 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o o o o o ~ ~ | 5 o 3.4.113-r1 | gentoo
-------------+---------------------------------+-----------------+-------
3.4.9999 | o o o o o o o o o o o o o o o o | 5 o 3.4.9999 | gentoo
Nothing to do here. Stable users of the 3.4 branch are already in trouble/on their own, and belatedly stabilising isn't going to help them.
What is the status of this finally? :/ Looks that the stabilization was interrupted Can we get a status on this? this is probably obsolete as the only affected version in the tree could be 3.10.x and now we have a new enough version in the tree to fix it Unable to check for sanity:
> no match for package: =sys-kernel/gentoo-sources-3.4.113
3.X is not in tree. Closing |
From ${URL} : https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 libceph: do not hard code max auth ticket len We hard code cephx auth ticket buffer size to 256 bytes. This isn't enough for any moderate setups and, in case tickets themselves are not encrypted, leads to buffer overflows (ceph_x_decrypt() errors out, but ceph_decode_copy() doesn't - it's just a memcpy() wrapper). Since the buffer is allocated dynamically anyway, allocated it a bit later, at the point where we know how much is going to be needed. Fixes: http://tracker.ceph.com/issues/8979 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.