2012-11-28 23:05:34 |
Tommy Odom |
bug |
|
|
added bug |
2012-11-28 23:06:12 |
Tommy Odom |
description |
Description: Ubuntu 12.04 LTS
Release: 12.04
libgcrypt11:
Installed: 1.5.0-3ubuntu0.1
Candidate: 1.5.0-3ubuntu0.1
Version table:
*** 1.5.0-3ubuntu0.1 0
500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
100 /var/lib/dpkg/status
1.5.0-3 0
500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
I am running JBoss with my open files set to > 1024 and when one of my Java classes tries to access the printers it talks to libcups which uses libgnutls which uses libgcrypt. However, libgcrypt has some code that is calling FD_SET on a file descriptor but that gets reported as a buffer overflow because the file descriptor has a value of 1053 which is greater than the FD_SETSIZE define of 1024. This bug was fixed in libgcrypt in September 2011 but does not appear in the patched version of libgcrypt11 1.5.0 in Ubuntu 12.04.
The git commit in libgcrypt that fixes the problem is 061b11de60415e228f33599270d66aafe4b88d72 and can be viewed at:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=061b11de60415e228f33599270d66aafe4b88d72
I submitted the crash (I think it's not entirely clear to me it did anything) using ubuntu-bug which I guess went to the whoopsie database or something.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgcrypt11 1.5.0-3ubuntu0.1
ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
Uname: Linux 3.2.0-27-generic x86_64
ApportVersion: 2.0.1-0ubuntu11
Architecture: amd64
Date: Wed Nov 28 17:57:12 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_US:
TERM=xterm-256color
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: libgcrypt11
UpgradeStatus: No upgrade log present (probably fresh install) |
I am running JBoss with my open files set to > 1024 and when one of my Java classes tries to access the printers it talks to libcups which uses libgnutls which uses libgcrypt. However, libgcrypt has some code that is calling FD_SET on a file descriptor but that gets reported as a buffer overflow because the file descriptor has a value of 1053 which is greater than the FD_SETSIZE define of 1024. This bug was fixed in libgcrypt in September 2011 but does not appear in the patched version of libgcrypt11 1.5.0 in Ubuntu 12.04.
The git commit in libgcrypt that fixes the problem is 061b11de60415e228f33599270d66aafe4b88d72 and can be viewed at:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=061b11de60415e228f33599270d66aafe4b88d72
I submitted the crash (I think it's not entirely clear to me it did anything) using ubuntu-bug which I guess went to the whoopsie database or something.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgcrypt11 1.5.0-3ubuntu0.1
ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
Uname: Linux 3.2.0-27-generic x86_64
ApportVersion: 2.0.1-0ubuntu11
Architecture: amd64
Date: Wed Nov 28 17:57:12 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_US:
TERM=xterm-256color
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: libgcrypt11
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2013-02-10 17:10:18 |
Aaron B. Russell |
bug |
|
|
added subscriber Aaron B. Russell |
2013-02-10 17:10:43 |
Launchpad Janitor |
libgcrypt11 (Ubuntu): status |
New |
Confirmed |
|
2013-02-10 17:10:54 |
Dave Gilbert |
libgcrypt11 (Ubuntu): importance |
Undecided |
High |
|
2013-02-10 17:10:54 |
Dave Gilbert |
libgcrypt11 (Ubuntu): status |
Confirmed |
Triaged |
|
2013-02-10 20:11:40 |
Aaron B. Russell |
bug |
|
|
added subscriber Henry Gunnery |
2013-02-24 23:50:01 |
Launchpad Janitor |
branch linked |
|
lp:debian/libgcrypt11 |
|
2013-11-27 22:22:13 |
Launchpad Janitor |
libgcrypt11 (Ubuntu): status |
Triaged |
Fix Released |
|
2013-11-27 22:22:13 |
Launchpad Janitor |
bug watch added |
|
https://bugs.g10code.com/gnupg/issue1452 |
|
2013-11-27 22:22:13 |
Launchpad Janitor |
cve linked |
|
2013-4242 |
|