buffer overflow crash in libgcrypt when open files > 1024

Bug #1084279 reported by Tommy Odom
This bug affects 2 people

Affects               Status        Importance  Assigned to  Milestone
libgcrypt11 (Ubuntu)  Fix Released  High        Unassigned

Bug Description

I am running JBoss with my open files set to > 1024 and when one of my Java classes tries to access the printers it talks to libcups which uses libgnutls which uses libgcrypt. However, libgcrypt has some code that is calling FD_SET on a file descriptor but that gets reported as a buffer overflow because the file descriptor has a value of 1053 which is greater than the FD_SETSIZE define of 1024. This bug was fixed in libgcrypt in September 2011 but does not appear in the patched version of libgcrypt11 1.5.0 in Ubuntu 12.04.

The git commit in libgcrypt that fixes the problem is 061b11de60415e228f33599270d66aafe4b88d72 and can be viewed at:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=061b11de60415e228f33599270d66aafe4b88d72

I submitted the crash (I think it's not entirely clear to me it did anything) using ubuntu-bug which I guess went to the whoopsie database or something.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgcrypt11 1.5.0-3ubuntu0.1
ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
Uname: Linux 3.2.0-27-generic x86_64
ApportVersion: 2.0.1-0ubuntu11
Architecture: amd64
Date: Wed Nov 28 17:57:12 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
MarkForUpload: True
ProcEnviron:
 LANGUAGE=en_US:
 TERM=xterm-256color
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: libgcrypt11
UpgradeStatus: No upgrade log present (probably fresh install)
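The mechanism behind the crash, as an added illustration that is not libgcrypt code and not the linked upstream commit: FD_SET writes bit number `fd` into a fixed-size bitmap of FD_SETSIZE bits (1024 with glibc), so a descriptor of 1053 lands past the end of the fd_set. With glibc's _FORTIFY_SOURCE checking, the FD_SET macro range-checks the index and aborts with a "buffer overflow detected" message, which is why the report sees the bug surface as a buffer overflow rather than silent memory corruption. The example below shows the two defensive patterns: refuse any descriptor that does not fit before touching the bitmap, or use poll(2), which takes an array of descriptors and has no FD_SETSIZE limit. Which of these the upstream fix uses is not shown on this page. The pipe, the descriptor value 1053 and all function names are constructed for the demonstration.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* FD_SET(fd, set) sets bit number `fd` in a fixed-size bitmap of
   FD_SETSIZE bits. Any fd >= FD_SETSIZE (1024 with glibc) writes past
   the end of the fd_set, which is the overflow described in the report. */
int fd_fits_in_fdset(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Wait for fd to become readable with select(2), refusing descriptors the
   fd_set cannot hold. Returns 1 readable, 0 timeout, -1 syscall error,
   -2 fd out of range for FD_SET (no bitmap write is attempted). */
int wait_readable_select(int fd, int timeout_ms)
{
    if (!fd_fits_in_fdset(fd))
        return -2;
    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    struct timeval tv;
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    int rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (rc < 0)
        return -1;
    return FD_ISSET(fd, &rfds) ? 1 : 0;
}

/* Same wait with poll(2): it takes an array of descriptors rather than a
   fixed bitmap, so there is no FD_SETSIZE limit to overflow. Returns
   1 readable, 0 timeout, -1 error. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd pfd;
    pfd.fd = fd;
    pfd.events = POLLIN;
    pfd.revents = 0;
    int rc = poll(&pfd, 1, timeout_ms);
    if (rc < 0)
        return -1;
    if (rc == 0)
        return 0;
    return (pfd.revents & (POLLIN | POLLHUP | POLLERR)) ? 1 : 0;
}

/* Self-check on a pipe (constructed input): an empty pipe is not readable
   with a zero timeout; after one byte is written both waiters report it
   readable. Returns 1 if every step agrees, 0 otherwise, -1 if pipe() fails. */
int pipe_roundtrip_check(void)
{
    int p[2];
    if (pipe(p) < 0)
        return -1;
    int ok = 1;
    if (wait_readable_poll(p[0], 0) != 0) ok = 0;
    if (wait_readable_select(p[0], 0) != 0) ok = 0;
    if (write(p[1], "x", 1) != 1) ok = 0;
    if (wait_readable_poll(p[0], 100) != 1) ok = 0;
    if (wait_readable_select(p[0], 100) != 1) ok = 0;
    close(p[0]);
    close(p[1]);
    return ok;
}

int main(void)
{
    int reported_fd = 1053; /* the descriptor value quoted in the bug report */
    printf("FD_SETSIZE on this build: %d\n", FD_SETSIZE);
    printf("fd %d fits in an fd_set: %s\n", reported_fd,
           fd_fits_in_fdset(reported_fd) ? "yes" : "no");
    printf("select-based wait on fd %d returns %d (-2 = refused, not overflowed)\n",
           reported_fd, wait_readable_select(reported_fd, 0));
    printf("pipe self-check: %s\n", pipe_roundtrip_check() == 1 ? "ok" : "failed");
    return 0;
}
```

The range check is the minimal fix for code that must keep using select(); switching the wait to poll() removes the limit altogether, which matters for library code such as a crypto library that cannot know how many descriptors the host process (here, a JVM with a raised open-files limit) has open.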

Tommy Odom (tommy-odom) wrote :
description: updated
Seth Arnold (seth-arnold) wrote :

The linked patch looks good to me.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libgcrypt11 (Ubuntu):
status: New → Confirmed
Dave Gilbert (ubuntu-treblig) wrote :

Triaged: Reporter points to fix
High: Crashing in libgcrypt has the potential to affect a lot of stuff.

Changed in libgcrypt11 (Ubuntu):
importance: Undecided → High
status: Confirmed → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libgcrypt11 - 1.5.3-2ubuntu1

---------------
libgcrypt11 (1.5.3-2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - no-global-init-thread-callbacks.diff: Do not call global_init when
      setting thread callbacks

libgcrypt11 (1.5.3-2) unstable; urgency=low

  * Convert to dh and move building of ps and html docs to
    override_dh_auto_build-indep. Enable parallel building.

libgcrypt11 (1.5.3-1) unstable; urgency=high

  * New upstream bugfix release. (CVE-2013-4242)

libgcrypt11 (1.5.2-3) unstable; urgency=low

  * Install libgcrypt.a and libgcrypt.so to /usr.
  * [15_multiarchpath_in_-L.diff] Do not print -L/lib/i386-linux-gnu on
    "libgcrypt-config --libs".
  * Use debhelper v9 mode. This allows us to mark libgcrypt11-dbg Multi-Arch:
    same.

libgcrypt11 (1.5.2-2) unstable; urgency=low

  * Upload to unstable.
  * Fix vcs-field-not-canonical lintian error by referring to anonscm instead
    of svn.debian.org.
  * Update info in debian/copyright from upstream's README, fixing typo 'teh'.
  * Delete some outdated and unused code in debian/rules.

libgcrypt11 (1.5.2-1) experimental; urgency=low

  * New upstream version.
    + IDEA support added.
  * Move list of supported algorithms to a separate paragraph in description
    to decrease work-load of translators. Closes: #640261
  * Move TeX-packages from b-d to Build-Depends-Indep. (Thanks, P. J.
    McDermott) Closes: #682597

libgcrypt11 (1.5.1-1) experimental; urgency=low

  * Point watchfile to stable release.
  * New upstream version.
  * Drop superfluous patches:
    29_Fix-a-problem-with-select-and-high-fds.patch
    30_Avoid-dereferencing-pointer-right-after-the-end.patch
    31_Fix-segv-with-AES-NI-on-some-platforms.patch
    32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
  * Bump version gcry_control@GCRYPT_1.2 in debian/libgcrypt11.symbols from
    1.4.5 to 1.5.1 since its argument enum has a new member.

libgcrypt11 (1.5.0-5) unstable; urgency=low

  * While we are at it also pick
    29_Fix-a-problem-with-select-and-high-fds.patch
    LP: #1084279

libgcrypt11 (1.5.0-4) unstable; urgency=low

  * Pull patches from upstream LIBGCRYPT-1-5-BRANCH:
      30_Avoid-dereferencing-pointer-right-after-the-end.patch
      31_Fix-segv-with-AES-NI-on-some-platforms.patch
         <https://bugs.g10code.com/gnupg/issue1452> LP: #1105758
      32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
    Closes: #699034
 -- Seth Arnold <email address hidden> Wed, 27 Nov 2013 10:36:27 -0800

Changed in libgcrypt11 (Ubuntu):
status: Triaged → Fix Released