Summary: | <app-misc/screen-4.3.1-r1: Stack overflow due to deep recursion causing process freeze (CVE-2015-6806) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | jer, shell-tools, swegener |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://savannah.gnu.org/bugs/?45713 | | |
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1258802 http://bugs.debian.org/797624 | | |
Whiteboard: | B3 [noglsa/cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | Bug Blocks: | 549938 |

Description
Agostino Sarubbo
2015-09-02 10:08:37 UTC

This one affects all of:

=app-misc/screen-4.0.3-r6
=app-misc/screen-4.2.1-r2
=app-misc/screen-4.3.1

and every ebuild in between.

But these were also reported:

http://savannah.gnu.org/bugs/?45714
http://savannah.gnu.org/bugs/?45715

commit 71c7bd0 (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date: Tue Sep 15 23:14:26 2015 +0000

    app-misc/screen: Patch sources to mitigate a stack overflow. Fixes security bug 559394.

    Package-Manager: portage-2.2.18
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 create mode 100644 app-misc/screen/files/screen-4.3.1-ansi.c.patch
 create mode 100644 app-misc/screen/screen-4.3.1-r1.ebuild

Arch teams,

Please stabilise:
app-misc/screen-4.3.1-r1.ebuild

Target arches:
alpha amd64 arm arm64 hppa ia64 m64k mips ppc ppc64 s390 sh sparc x86 (phew!)

Thank you.

Stable for HPPA PPC64.

Stable on alpha.

Stable for amd64.

ppc stable

ia64 stable

arm stable

x86 stable

ping @sparc

sparc stable

GLSA vote: no.

(In reply to Mikle Kolyada from comment #11)
> sparc stable
>
> GLSA vote: no.

GLSA vote: No

commit 7eebcd3 (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date: Sat Oct 10 15:33:53 2015 +0000

    app-misc/screen: Clean up vulnerable versions. Fixes security bug 559394.

    Package-Manager: portage-2.2.20.1
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 delete mode 100644 app-misc/screen/files/4.0.2-64bit-time.patch
 delete mode 100644 app-misc/screen/files/4.0.2-no-libelf.patch
 delete mode 100644 app-misc/screen/files/4.0.2-no-pty.patch
 delete mode 100644 app-misc/screen/files/4.0.2-no-utempter.patch
 delete mode 100644 app-misc/screen/files/4.0.2-nonblock.patch
 delete mode 100644 app-misc/screen/files/4.0.2-windowlist-multiuser-fix.patch
 delete mode 100644 app-misc/screen/files/4.0.3-extend-d_termname-ng2.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.1-int-overflow-fix.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.1-vsprintf.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-config.h-autoconf-2.62.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-cppflags.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-crosscompile.patch
 delete mode 100644 app-misc/screen/files/screen-4.0.3-setenv_autoconf.patch
 delete mode 100644 app-misc/screen/screen-4.0.3-r6.ebuild
 delete mode 100644 app-misc/screen/screen-4.0.3-r7.ebuild
 delete mode 100644 app-misc/screen/screen-4.0.3-r8.ebuild
 delete mode 100644 app-misc/screen/screen-4.2.1-r2.ebuild
 delete mode 100644 app-misc/screen/screen-4.3.1.ebuild

Marking as FIXED as per IRC discussion with Kristian and Mikle.