| Summary: | <app-misc/screen-4.3.1-r1: Stack overflow due to deep recursion causing process freeze (CVE-2015-6806) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | jer, shell-tools, swegener |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://savannah.gnu.org/bugs/?45713 | ||
| See Also: |
https://bugzilla.redhat.com/show_bug.cgi?id=1258802 http://bugs.debian.org/797624 |
||
| Whiteboard: | B3 [noglsa/cve] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 549938 | ||
This one affects all of: =app-misc/screen-4.0.3-r6 =app-misc/screen-4.2.1-r2 =app-misc/screen-4.3.1 and every ebuild in between. But these were also reported: http://savannah.gnu.org/bugs/?45714 http://savannah.gnu.org/bugs/?45715 commit 71c7bd0 (HEAD, master) Author: Patrice Clement <monsieurp@gentoo.org> Date: Tue Sep 15 23:14:26 2015 +0000 app-misc/screen: Patch sources to mitigate a stack overflow. Fixes security bug 559394. Package-Manager: portage-2.2.18 Signed-off-by: Patrice Clement <monsieurp@gentoo.org> create mode 100644 app-misc/screen/files/screen-4.3.1-ansi.c.patch create mode 100644 app-misc/screen/screen-4.3.1-r1.ebuild Arch teams, Please stabilise: app-misc/screen-4.3.1-r1.ebuild Target arches: alpha amd64 arm arm64 hppa ia64 m64k mips ppc ppc64 s390 sh sparc x86 (phew!) Thank you. Stable for HPPA PPC64. Stable on alpha. Stable for amd64. ppc stable ia64 stable arm stable x86 stable ping @sparc sparc stable GLSA vote: no. (In reply to Mikle Kolyada from comment #11) > sparc stable > > GLSA vote: no. GLSA vote: No commit 7eebcd3 (HEAD, master) Author: Patrice Clement <monsieurp@gentoo.org> Date: Sat Oct 10 15:33:53 2015 +0000 app-misc/screen: Clean up vulnerable versions. Fixes security bug 559394. Package-Manager: portage-2.2.20.1 Signed-off-by: Patrice Clement <monsieurp@gentoo.org> delete mode 100644 app-misc/screen/files/4.0.2-64bit-time.patch delete mode 100644 app-misc/screen/files/4.0.2-no-libelf.patch delete mode 100644 app-misc/screen/files/4.0.2-no-pty.patch delete mode 100644 app-misc/screen/files/4.0.2-no-utempter.patch delete mode 100644 app-misc/screen/files/4.0.2-nonblock.patch delete mode 100644 app-misc/screen/files/4.0.2-windowlist-multiuser-fix.patch delete mode 100644 app-misc/screen/files/4.0.3-extend-d_termname-ng2.patch delete mode 100644 app-misc/screen/files/screen-4.0.1-int-overflow-fix.patch delete mode 100644 app-misc/screen/files/screen-4.0.1-vsprintf.patch delete mode 100644 app-misc/screen/files/screen-4.0.3-config.h-autoconf-2.62.patch delete mode 100644 app-misc/screen/files/screen-4.0.3-cppflags.patch delete mode 100644 app-misc/screen/files/screen-4.0.3-crosscompile.patch delete mode 100644 app-misc/screen/files/screen-4.0.3-setenv_autoconf.patch delete mode 100644 app-misc/screen/screen-4.0.3-r6.ebuild delete mode 100644 app-misc/screen/screen-4.0.3-r7.ebuild delete mode 100644 app-misc/screen/screen-4.0.3-r8.ebuild delete mode 100644 app-misc/screen/screen-4.2.1-r2.ebuild delete mode 100644 app-misc/screen/screen-4.3.1.ebuild Markins as FIXED as per IRC discussion with Kristian and Mikle. |
From ${URL} : A vulnerability was found in screen causing stack overflow which results in crashing the screen server process. After running malicious command inside screen, it will recursively call MScrollV to depth n/256. This is time consuming and will overflow the stack if 'n' is huge. CVE request: http://seclists.org/oss-sec/2015/q3/462 Upstream patch: http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c336a32a1dcd445e6b83827f83531d4c6414e2cd Upstream report (contains reproducer): https://savannah.gnu.org/bugs/?45713 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.