crash in libsofthsm2 on armhf after time_t transition
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| softhsm2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
fixed one time_t bug in this library already, now there's another.
Found via the libp11 autopkgtests.
reproducer:
OPENSSL_
Snippet of gdb output:
Program received signal SIGSEGV, Segmentation fault.
Downloading source file /usr/src/
SlotManager:
at SlotManager.cpp:174
174 return slots.at(slotID);
(gdb) bt
#0 SlotManager:
at SlotManager.cpp:174
#1 0xf7b61b3c in SoftHSM:
slotID=
#2 0xf7b4a522 in C_CloseAllSessions (slotID=1150801720) at main.cpp:347
#3 0xf7bc7ffe in pkcs11_slot_unref (slot=slot@
at p11_slot.c:433
<snip>
'slotManager' is NULL.
Related branches
- Steve Langasek: Pending requested
-
Diff: 50 lines (+28/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/0004-fix-uaf-in-softhsm-dtor.patch (+20/-0)
debian/patches/series (+1/-0)
CVE References
| tags: | added: time-t |
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in softhsm2 (Ubuntu): | |
| status: | New → Fix Released |
This bug was fixed in the package softhsm2 - 2.6.1-2.2ubuntu3
---------------
softhsm2 (2.6.1-2.2ubuntu3) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- William Grant <email address hidden> Mon, 01 Apr 2024 15:47:06 +1100