Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 522930 (CVE-2014-6416) - Kernel: libceph: gracefully handle large reply messages from the mon
Summary: Kernel: libceph: gracefully handle large reply messages from the mon
Status: RESOLVED FIXED
Alias: CVE-2014-6416
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [stable/cve]
Keywords: STABLEREQ
: 599526 (view as bug list)
Depends on:
Blocks: CVE-2014-3153 CVE-2013-0216, XSA-39 CVE-2013-2094 CVE-2014-7975 CVE-2015-8551, CVE-2015-8552, XSA-155, XSA-157 CVE-2016-3157, XSA-171
  Show dependency tree
 
Reported: 2014-09-16 09:07 UTC by Agostino Sarubbo
Modified: 2020-04-10 21:22 UTC (History)
6 users (show)

See Also:
Package list:
=sys-kernel/gentoo-sources-3.4.113
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-09-16 09:07:32 UTC
From ${URL} :

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8

libceph: do not hard code max auth ticket len

We hard code cephx auth ticket buffer size to 256 bytes. This isn't enough for
any moderate setups and, in case tickets themselves are not encrypted, leads to
buffer overflows (ceph_x_decrypt() errors out, but ceph_decode_copy() doesn't -
it's just a memcpy() wrapper). Since the buffer is allocated dynamically
anyway, allocated it a bit later, at the point where we know how much is going
to be needed.

Fixes: http://tracker.ceph.com/issues/8979



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yixun Lan gentoo-dev 2014-09-18 14:50:12 UTC
I'm CCing kernel team, since it's a kernel patch...

also notice it has already been CCed to stable-kernel mailing list,so guess it will eventually goes to sys-kernel/gentoo-sources-3.14.x? thanks
Comment 2 Thomas Deutschmann gentoo-dev Security 2016-11-21 15:01:21 UTC
The kernel patch landed in linux-3.17-rc5.

It was backported to

linux-3.2.64
linux-3.4.105
linux-3.10.55
linux-3.12.29
linux-3.16.3


sys-kernel/gentoo-sources-3.2.x are not available.

sys-kernel/gentoo-sources-3.4.x has no stable ebuild containing the fix, =sys-kernel/gentoo-sources-3.4.113 will be stabilized in bug 599526 at the moment.

sys-kernel/gentoo-sources-3.10.x has a stable ebuild since >=sys-kernel/gentoo-sources-3.10.61.

sys-kernel/gentoo-sources-3.12.x has a stable ebuild since >=sys-kernel/gentoo-sources-3.12.30.

sys-kernel/gentoo-sources-3.16.x are not available.
Comment 3 Thomas Deutschmann gentoo-dev Security 2016-11-21 15:08:23 UTC
@ Arches,

test and mark stable: =sys-kernel/gentoo-sources-3.4.113
Comment 4 Agostino Sarubbo gentoo-dev 2016-11-26 10:36:49 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-11-26 10:44:32 UTC
x86 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2017-01-07 09:55:21 UTC
*** Bug 599526 has been marked as a duplicate of this bug. ***
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2017-01-07 09:58:20 UTC
Keywords for sys-kernel/gentoo-sources:
             | a a a h i p p s x m a m n r s s | e u s           | r
             | l m r p a p p p 8 i r 6 i i 3 h | a n l           | e
             | p d m p 6 c c a 6 p m 8 o s 9   | p u o           | p
             | h 6   a 4   6 r   s 6 k s c 0   | i s t           | o
             | a 4         4 c     4   2 v     |   e             |
             |                                 |   d             |
-------------+---------------------------------+-----------------+-------
3.4.113      | + + ~ ~ ~ ~ ~ ~ + o o o o o ~ ~ | 5 o 3.4.113     | gentoo
-------------+---------------------------------+-----------------+-------
3.4.113-r1   | ~ ~ ~ ~ ~ ~ ~ ~ ~ o o o o o ~ ~ | 5 o 3.4.113-r1  | gentoo
-------------+---------------------------------+-----------------+-------
3.4.9999     | o o o o o o o o o o o o o o o o | 5 o 3.4.9999    | gentoo

Nothing to do here. Stable users of the 3.4 branch are already in trouble/on their own, and belatedly stabilising isn't going to help them.
Comment 8 Pacho Ramos gentoo-dev 2017-02-03 11:42:53 UTC
What is the status of this finally? :/ Looks that the stabilization was interrupted
Comment 9 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-30 19:25:20 UTC
Can we get a status on this?
Comment 10 Pacho Ramos gentoo-dev 2017-12-04 13:06:37 UTC
this is probably obsolete as the only affected version in the tree could be 3.10.x and now we have a new enough version in the tree to fix it
Comment 11 NATTkA bot gentoo-dev 2020-04-06 15:26:40 UTC
Unable to check for sanity:

> no match for package: =sys-kernel/gentoo-sources-3.4.113
Comment 12 Yury German Gentoo Infrastructure gentoo-dev Security 2020-04-10 21:22:45 UTC
3.X is not in tree.
Closing