Bug 755854 - <net-irc/inspircd-3.8.1: Double free in websocket module
Summary: <net-irc/inspircd-3.8.1: Double free in websocket module
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://docs.inspircd.org/security/20...
Whiteboard: C3 [noglsa]
Keywords: PullRequest
Duplicates: 762673
Depends on:
Blocks: 755851
Reported: 2020-11-20 17:08 UTC by Sam James
Modified: 2021-01-25 23:51 UTC

Description Sam James archtester gentoo-dev Security 2020-11-20 17:08:47 UTC
"Summary

The websocket module before v3.8.1 contains a double free vulnerability. When combined with a HTTP reverse proxy this vulnerability can be used by any user who is [GKZ]-lined to remotely crash an InspIRCd server.

Thanks to @benharri for reporting this issue.

Affected Versions

This vulnerability is present in the following releases:

    All versions of v3 before v3.8.1

Recommended Action

This vulnerability is fixed in version 3.8.1. It is strongly recommended that all affected users upgrade.

If upgrading is not possible then the websocket module should be unloaded or reconfigured to allow users to connect directly instead of through a HTTP reverse proxy."
Comment 1 Sam James archtester gentoo-dev Security 2020-11-20 17:09:45 UTC
So, for this bug, we need to bump to 3.8.1.

bug 755851 needed a stabilisation but we may as well just stable 3.8.1 for that now.

bug 743205 is old and just needs a possible GLSA.
Comment 2 Wade Cline 2020-11-21 03:01:59 UTC
I'll see about submitting a PR for 3.8.1 by the end of this weekend at the latest.
Comment 3 Wade Cline 2020-11-21 08:51:16 UTC
PR submitted: https://github.com/gentoo/gentoo/pull/18347
Comment 4 Larry the Git Cow gentoo-dev 2020-11-22 03:52:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02a985abeacea6af0dd01efe967ae40e96ec79a3

commit 02a985abeacea6af0dd01efe967ae40e96ec79a3
Author:     Wade Cline <wadecline@hotmail.com>
AuthorDate: 2020-11-21 08:42:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-11-22 03:35:56 +0000

    net-irc/inspircd: Drop 3.8.0
    
    Signed-off-by: Wade Cline <wadecline@hotmail.com>
    
    Bug: https://bugs.gentoo.org/755854
    Closes: https://github.com/gentoo/gentoo/pull/18347
    Signed-off-by: Sam James <sam@gentoo.org>

 net-irc/inspircd/Manifest              |   1 -
 net-irc/inspircd/inspircd-3.8.0.ebuild | 121 ---------------------------------
 2 files changed, 122 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d54d3c8b2f510d7977c0059f594c3ca5e8cf6d27

commit d54d3c8b2f510d7977c0059f594c3ca5e8cf6d27
Author:     Wade Cline <wadecline@hotmail.com>
AuthorDate: 2020-11-21 08:37:40 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-11-22 03:35:55 +0000

    net-irc/inspircd: Add 3.8.1
    
    Signed-off-by: Wade Cline <wadecline@hotmail.com>
    
    Bug: https://bugs.gentoo.org/755854
    Signed-off-by: Sam James <sam@gentoo.org>

 net-irc/inspircd/Manifest              |   1 +
 net-irc/inspircd/inspircd-3.8.1.ebuild | 121 +++++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+)
Comment 5 John Helmert III gentoo-dev Security 2020-11-23 16:18:23 UTC
Please let us know when ready to stable.
Comment 6 Wade Cline 2020-11-24 04:14:59 UTC
I'm likely going to be busy with holidays the rest of this week, but feel free to start stabilization; let me know what you need and I'll work on it when able.
Comment 7 Agostino Sarubbo gentoo-dev 2020-11-24 12:57:21 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-11-25 07:44:16 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 John Helmert III gentoo-dev Security 2020-12-27 08:55:43 UTC
(In reply to Wade Cline from comment #6)
> I'm likely going to be busy with holidays the rest of this week, but feel
> free to start stabilization; let me know what you need and I'll work on it
> when able.

Please drop the vulnerable versions (<3.8.1). Thanks!
Comment 10 John Helmert III gentoo-dev Security 2020-12-30 21:16:00 UTC
*** Bug 762673 has been marked as a duplicate of this bug. ***
Comment 11 Larry the Git Cow gentoo-dev 2020-12-31 01:13:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83567ff2355ef80076990e51cc58fcef2cdf1138

commit 83567ff2355ef80076990e51cc58fcef2cdf1138
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-12-30 21:25:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-31 01:13:41 +0000

    net-irc/inspircd: security cleanup (drop <3.8.1)
    
    Bug: https://bugs.gentoo.org/743205
    Bug: https://bugs.gentoo.org/755851
    Bug: https://bugs.gentoo.org/755854
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/18885
    Signed-off-by: Sam James <sam@gentoo.org>

 net-irc/inspircd/Manifest                          |   2 -
 .../files/inspircd-2.0.27-fix-path-builds.patch    | 257 -------------------
 .../files/inspircd-3.4.0-fix-path-builds.patch     | 271 ---------------------
 net-irc/inspircd/inspircd-2.0.29.ebuild            | 115 ---------
 net-irc/inspircd/inspircd-3.4.0-r1.ebuild          | 121 ---------
 5 files changed, 766 deletions(-)
Comment 12 Wade Cline 2020-12-31 03:59:14 UTC
>amd64 stable.
>
>Maintainer(s), please cleanup.
>Security, please vote.

Hmm, I must have skimmed past the later lines when checking my e-mail and missed this.  Sorry about that.