2014-05-13 15:35:45 |
Kent Baxley |
bug |
|
|
added bug |
2014-05-13 16:24:58 |
Kent Baxley |
branch linked |
|
lp:~kentb/ubuntu/trusty/openwsman/bug-1319089 |
|
2014-05-13 16:25:35 |
Kent Baxley |
attachment added |
|
bug-13109089.diff https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089/+attachment/4111582/+files/bug-13109089.diff |
|
2014-05-13 16:35:48 |
Kent Baxley |
attachment removed |
bug-13109089.debdiff https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089/+attachment/4111582/+files/bug-13109089.diff |
|
|
2014-05-13 16:36:05 |
Kent Baxley |
attachment added |
|
bug-1310989.debdiff https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089/+attachment/4111583/+files/bug-1310989.debdiff |
|
2014-05-13 17:37:56 |
Seth Arnold |
information type |
Private Security |
Public Security |
|
2014-05-13 18:33:22 |
Kent Baxley |
attachment added |
|
bug-1310989-popped.diff https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089/+attachment/4111635/+files/bug-1310989-popped.diff |
|
2014-05-13 20:24:57 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2014-05-13 20:25:06 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2014-05-16 15:06:24 |
Jamie Strandboge |
openwsman (Ubuntu): status |
New |
In Progress |
|
2014-05-16 15:06:24 |
Jamie Strandboge |
openwsman (Ubuntu): assignee |
|
Kent Baxley (kentb) |
|
2014-05-16 15:06:34 |
Jamie Strandboge |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
2014-06-06 17:27:11 |
Kent Baxley |
description |
Upstream maintainer for openwsman has added in a bunch of security fixes after our security team conducted an audit of the code. There are still a few patches left to go, but I would like to go ahead and include what's already upstream into the 14.04 release:
ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
LocalSubscriptionOpUpdate() unchecked fopen()
Incorrect order of sanity guards in wsman_get_fault_status_from_doc()
Unchecked memory allocation in wsman_init_plugins(), p->ifc
Unchecked memory allocation in mem_double(), newptr
Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
Unchecked memory allocation in u_error_new(), *error
sighup_handler() in wsmand.c uses unsafe functions in a signal handler
I'll be working on a patch for this and will post a debdiff soon.
The upstream commits are here:
https://github.com/Openwsman/openwsman/commits/638b9c8acfa6ded84c94c01e137c61c29d65d62e/src |
The upstream maintainer for openwsman has added in a bunch of security fixes after our security team conducted an audit of the code. There are still a few patches left to go, but I would like to go ahead and include what's already upstream into the 14.04 release:
ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
LocalSubscriptionOpUpdate() unchecked fopen()
Incorrect order of sanity guards in wsman_get_fault_status_from_doc()
Unchecked memory allocation in wsman_init_plugins(), p->ifc
Unchecked memory allocation in mem_double(), newptr
Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
Unchecked memory allocation in u_error_new(), *error
sighup_handler() in wsmand.c uses unsafe functions in a signal handler
Support SHA512 password encoding, use safe_cmp to prevent brute-force attacks
Increase password upper limit to 128 characters (from 64) |
|
2014-06-06 17:39:39 |
Kent Baxley |
branch linked |
|
lp:~kentb/ubuntu/trusty/openwsman/bug-1319098 |
|
2014-06-09 15:30:02 |
Kent Baxley |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2014-06-16 13:05:18 |
Jamie Strandboge |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
2014-06-16 13:05:23 |
Jamie Strandboge |
openwsman (Ubuntu): status |
In Progress |
Fix Committed |
|
2014-06-16 13:06:09 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Trusty |
|
2014-06-16 13:06:09 |
Jamie Strandboge |
bug task added |
|
openwsman (Ubuntu Trusty) |
|
2014-06-16 13:06:09 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Utopic |
|
2014-06-16 13:06:09 |
Jamie Strandboge |
bug task added |
|
openwsman (Ubuntu Utopic) |
|
2014-06-16 13:06:17 |
Jamie Strandboge |
openwsman (Ubuntu Trusty): status |
New |
Fix Committed |
|
2014-06-16 13:06:27 |
Jamie Strandboge |
openwsman (Ubuntu Trusty): assignee |
|
Kent Baxley (kentb) |
|
2014-06-16 13:06:33 |
Jamie Strandboge |
openwsman (Ubuntu Utopic): assignee |
Kent Baxley (kentb) |
|
|
2014-06-16 13:06:36 |
Jamie Strandboge |
openwsman (Ubuntu Utopic): status |
Fix Committed |
Triaged |
|
2014-06-16 14:33:27 |
Launchpad Janitor |
openwsman (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2014-06-16 14:43:51 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-security/openwsman |
|
2014-06-16 14:52:43 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2014-06-16 14:52:46 |
Jamie Strandboge |
openwsman (Ubuntu Utopic): status |
Triaged |
Fix Released |
|