Stack smashing while using a lot of connections
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libfcgi (Ubuntu) | | Medium | Unassigned | |
| Precise | | Undecided | Unassigned | |
Bug Description
The bug described in #933417, which is fixed in Quantal and later, appears to be a security issue as it can affect server processes and cause a DoS. It would be great to get a patched version in 12.04.
I've taken the patch from #933417 and applied it (with no modifications) against the source package for fcgi in 12.04 and bumped the changelog. I've attached a debdiff of these changes to this report.
Please let me know how I can help to get this accepted.
Related branches
| Joe Damato (q-joe) wrote : | #1 |
| information type: | Private Security → Public Security |
| Changed in libfcgi (Ubuntu): | |
| assignee: | nobody → Ubuntu Security Sponsors Team (ubuntu-security-sponsors) |
| assignee: | Ubuntu Security Sponsors Team (ubuntu-security-sponsors) → nobody |
| Thomas Ward (teward) wrote : | #2 |
| Thomas Ward (teward) wrote : | #3 |
Please make a note: I have nominated this bug for the Precise series. When the Precise series is approved on this bug, the status for the development-release (i.e. the 'no series' bug which is implied for the in-development release) should be set to "Fix Released" as this issue has been fixed with the prior bug (#933417) since Quantal. This update here only applies to Precise.
| tags: | added: precise |
| Changed in libfcgi (Ubuntu): | |
| importance: | Undecided → Medium |
| Thomas Ward (teward) wrote : | #4 |
(NOTE: Importance change is done to match the previous bug, #933417. It can be changed at the Security Team's discretion.)
| Changed in libfcgi (Ubuntu Precise): | |
| status: | New → Confirmed |
| Changed in libfcgi (Ubuntu): | |
| status: | New → Fix Released |
| Marc Deslauriers (mdeslaur) wrote : | #5 |
ACK on the debdiff. Looks good. Uploaded for building with a slight version change, and will be released today.
Thanks!
| Changed in libfcgi (Ubuntu Precise): | |
| status: | Confirmed → Fix Committed |
| Marc Deslauriers (mdeslaur) wrote : | #6 |
Actually, it will be published on Monday as we don't typically publish updates on Friday.
| Kees Cook (kees) wrote : | #7 |
Today I learned that Apache raises its rlimit for open files to 8192 by default. This is controlled by APACHE_
| Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package libfcgi - 2.4.0-8.1ubuntu0.1
---------------
libfcgi (2.4.0-
* Applying patch to swap select with poll to handle more than 1024
connections and avoid data corruption or a segfault. (LP: #1418778).
-- Joe Damato <email address hidden> Thu, 05 Feb 2015 16:28:53 -0800
| Changed in libfcgi (Ubuntu Precise): | |
| status: | Fix Committed → Fix Released |
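The defect behind this thread and the fix named in the changelog, shown as an added example that is not libfcgi's code or the patch from #933417: select() tracks descriptors in a fixed-size fd_set bitmap, so FD_SET() on a descriptor at or above FD_SETSIZE (1024 on glibc) writes past the end of the set, which for a set on the stack is the stack smash the report describes; this is reachable once a server has its open-file limit raised above 1024, as Kees notes Apache does by default. poll() takes an array of struct pollfd, so the descriptor number never indexes a fixed buffer. The function names, the pipe-based self-test and the 50 ms timeout below are hypothetical; FD_SETSIZE, select(), poll(), pipe() and dup2() are the real POSIX/glibc names.

```c
/* Added example, not libfcgi code: the FD_SETSIZE limit of select() and a
 * poll()-based wait that has no such limit. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* A select()-based caller must make this check before every FD_SET();
 * FD_SET(fd, &set) with fd >= FD_SETSIZE writes outside the fd_set. */
int fd_fits_in_fd_set(int fd) {
    return fd >= 0 && fd < FD_SETSIZE;
}

/* poll() replacement for "wait until fd is readable".
 * Returns 1 if readable (or hung up / in error), 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms) {
    struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
    int rc;
    do {
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);   /* retry if interrupted by a signal */
    if (rc < 0) return -1;
    if (rc == 0) return 0;
    return (pfd.revents & (POLLIN | POLLHUP | POLLERR)) ? 1 : 0;
}

/* Constructed self-test: a pipe, optionally with one byte written into it,
 * observed through wait_readable() on the read end. */
int pipe_readable_after_write(int write_first) {
    int fds[2];
    if (pipe(fds) < 0) return -1;
    if (write_first) {
        char c = 'x';
        if (write(fds[1], &c, 1) != 1) { close(fds[0]); close(fds[1]); return -1; }
    }
    int r = wait_readable(fds[0], 50);
    close(fds[0]);
    close(fds[1]);
    return r;
}

/* Constructed self-test on a descriptor above FD_SETSIZE, where FD_SET()
 * would already be out of bounds but poll() is fine. dup2() to a high
 * number fails with EBADF when RLIMIT_NOFILE is below it; -2 reports that
 * the test could not be run in this process rather than a failure. */
int high_fd_readable(void) {
    int fds[2];
    if (pipe(fds) < 0) return -1;
    char c = 'x';
    if (write(fds[1], &c, 1) != 1) { close(fds[0]); close(fds[1]); return -1; }
    int high = FD_SETSIZE + 100;          /* beyond what select() can track */
    int r;
    if (dup2(fds[0], high) < 0) {
        r = (errno == EBADF) ? -2 : -1;
    } else {
        r = wait_readable(high, 50);
        close(high);
    }
    close(fds[0]);
    close(fds[1]);
    return r;
}

int main(void) {
    printf("FD_SETSIZE = %d\n", FD_SETSIZE);
    printf("fd %d fits in fd_set: %d\n", FD_SETSIZE - 1, fd_fits_in_fd_set(FD_SETSIZE - 1));
    printf("fd %d fits in fd_set: %d\n", FD_SETSIZE, fd_fits_in_fd_set(FD_SETSIZE));
    printf("pipe with data readable via poll: %d\n", pipe_readable_after_write(1));
    printf("empty pipe readable via poll (50 ms timeout): %d\n", pipe_readable_after_write(0));
    printf("fd above FD_SETSIZE readable via poll (-2 = limit too low to try): %d\n",
           high_fd_readable());
    return 0;
}
```

Compile with `cc -std=c99 -Wall example.c`. The high-fd case only runs when the process's open-file soft limit exceeds FD_SETSIZE + 100; raising it (for instance with `ulimit -n 2048` before running) reproduces the condition under which the unpatched select() loop corrupts the stack and the poll() version keeps working.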
Note on the debdiff: The wrong bug number is present in the debdiff (the old one). Since that bug is now "fixed" we would be using the new bug number here.
I've attached the same debdiff with a one line revision to correct the bug number. Still has the original debdiff author's fingerprints all over it, I just made one revision to the debian/changelog.