2020-02-27 13:39:26 |
bugproxy |
bug |
|
|
added bug |
2020-02-27 13:39:28 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-184097 severity-high targetmilestone-inin2004 |
|
2020-02-27 13:39:30 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2020-02-27 13:39:32 |
bugproxy |
affects |
ubuntu |
linux (Ubuntu) |
|
2020-02-27 13:43:56 |
Heinz-Werner Seeck |
affects |
linux (Ubuntu) |
s390-tools (Ubuntu) |
|
2020-02-27 16:56:34 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
2020-02-27 16:56:42 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Triaged |
|
2020-02-27 16:57:37 |
Frank Heimes |
nominated for series |
|
Ubuntu Focal |
|
2020-02-27 16:57:37 |
Frank Heimes |
bug task added |
|
s390-tools (Ubuntu Focal) |
|
2020-02-27 16:57:37 |
Frank Heimes |
nominated for series |
|
Ubuntu Eoan |
|
2020-02-27 16:57:37 |
Frank Heimes |
bug task added |
|
s390-tools (Ubuntu Eoan) |
|
2020-02-27 16:57:37 |
Frank Heimes |
nominated for series |
|
Ubuntu Xenial |
|
2020-02-27 16:57:37 |
Frank Heimes |
bug task added |
|
s390-tools (Ubuntu Xenial) |
|
2020-02-27 16:57:37 |
Frank Heimes |
nominated for series |
|
Ubuntu Bionic |
|
2020-02-27 16:57:37 |
Frank Heimes |
bug task added |
|
s390-tools (Ubuntu Bionic) |
|
2020-02-27 16:57:57 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
High |
|
2020-02-27 16:58:11 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Canonical Foundations Team (canonical-foundations) |
|
2020-03-11 11:45:27 |
Dimitri John Ledkov |
information type |
Public |
Private Security |
|
2020-03-12 12:16:26 |
Frank Heimes |
bug |
|
|
added subscriber Heinz-Werner Seeck |
2020-03-20 12:10:36 |
Dimitri John Ledkov |
information type |
Private Security |
Public |
|
2020-03-20 20:55:21 |
Launchpad Janitor |
s390-tools (Ubuntu Focal): status |
New |
Fix Released |
|
2020-03-21 11:20:42 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
2020-07-17 16:30:01 |
Frank Heimes |
s390-tools (Ubuntu Eoan): status |
New |
Invalid |
|
2020-07-17 16:45:53 |
Frank Heimes |
s390-tools (Ubuntu Eoan): status |
Invalid |
Won't Fix |
|
2020-10-29 16:38:41 |
Matthieu Clemenceau |
tags |
architecture-s39064 bugnameltc-184097 severity-high targetmilestone-inin2004 |
architecture-s39064 bugnameltc-184097 fr-883 severity-high targetmilestone-inin2004 |
|
2020-11-17 16:07:22 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~slyon/ubuntu/+source/s390-tools/+git/s390-tools/+merge/393925 |
|
2020-11-17 16:13:36 |
Lukas Märdian |
s390-tools (Ubuntu Bionic): status |
New |
In Progress |
|
2020-11-17 16:25:34 |
Lukas Märdian |
description |
Description: zipl/libc: Fix potential buffer overflow in printf
Symptom: Crash of the zipl boot loader during boot.
Problem: The zipl boot loaders have their own minimalistic libc
implementation. In it printf and sprintf use vsprintf for string
formatting. Per definition vsprintf assumes that the buffer it
writes to is large enough to contain the formatted string and
performs no size checks. This is problematic for the boot
loaders because the buffer they use are often allocated on the
stack. Thus even small changes to the string format can
potentially cause buffer overflows on the stack.
Solution: Implement vsnprintf and make use of it.
Reproduction: Use printf to print a string with >81 characters (exact number
depends on the stack layout/compiler used).
Upstream commit(s) for s390-tools:
6fe9e6c55c69c14971dca55551009f5060418aae
8874b908254c47c8a6fd7a1aca2c7371c11035c4
f7430027b41d5ad6220e962a179c2a5213330a44
36fed0e6c6590631c4ce1707c8fe3c3397bcce4d
Problem was introduced with version 1.24. Therefore these patches need to be applied to all distros in service. |
[Impact]
* Crash of the zipl boot loader during boot.
* due to printf buffer overflow in zipl/libc implementation
[Test Case]
* Use printf to print a string with >81 characters
(exact number depends on the stack layout/compiler used).
[Where problems could occur]
* regressions in zipl could break the booting on IBM Z, in certain scenarios
* the package is only available on s390x and thus could only affect IBM Z machines
[Other Info]
* Patches provided by IBM
* In addition to the 4 commit IDs from the original description, I needed to include part of another upstream commit, to add the "memmove()" function. This was taken from: https://github.com/ibm-s390-tools/s390-tools/commit/e764f460c457ab2a6000acb5f2eb7169866ce192
=== Original Description ===
Description: zipl/libc: Fix potential buffer overflow in printf
Symptom: Crash of the zipl boot loader during boot.
Problem: The zipl boot loaders have their own minimalistic libc
implementation. In it printf and sprintf use vsprintf for string
formatting. Per definition vsprintf assumes that the buffer it
writes to is large enough to contain the formatted string and
performs no size checks. This is problematic for the boot
loaders because the buffer they use are often allocated on the
stack. Thus even small changes to the string format can
potentially cause buffer overflows on the stack.
Solution: Implement vsnprintf and make use of it.
Reproduction: Use printf to print a string with >81 characters (exact number
depends on the stack layout/compiler used).
Upstream commit(s) for s390-tools:
6fe9e6c55c69c14971dca55551009f5060418aae
8874b908254c47c8a6fd7a1aca2c7371c11035c4
f7430027b41d5ad6220e962a179c2a5213330a44
36fed0e6c6590631c4ce1707c8fe3c3397bcce4d
Problem was introduced with version 1.24. Therefore these patches need to be applied to all distros in service. |
|
2020-11-17 16:26:49 |
Lukas Märdian |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-11-20 14:37:14 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~slyon/ubuntu/+source/s390-tools/+git/s390-tools/+merge/394248 |
|
2020-11-20 15:16:46 |
Lukas Märdian |
s390-tools (Ubuntu Xenial): status |
New |
In Progress |
|
2020-11-24 18:57:08 |
Brian Murray |
s390-tools (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-11-24 18:57:11 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2020-11-24 18:57:18 |
Brian Murray |
tags |
architecture-s39064 bugnameltc-184097 fr-883 severity-high targetmilestone-inin2004 |
architecture-s39064 bugnameltc-184097 fr-883 severity-high targetmilestone-inin2004 verification-needed verification-needed-bionic |
|
2020-11-24 19:01:38 |
Brian Murray |
s390-tools (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2020-11-24 19:01:48 |
Brian Murray |
tags |
architecture-s39064 bugnameltc-184097 fr-883 severity-high targetmilestone-inin2004 verification-needed verification-needed-bionic |
architecture-s39064 bugnameltc-184097 fr-883 severity-high targetmilestone-inin2004 verification-needed verification-needed-bionic verification-needed-xenial |
|
2020-11-24 19:31:35 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2020-12-01 07:26:13 |
Mathew Hodson |
s390-tools (Ubuntu): importance |
Undecided |
High |
|
2020-12-01 07:26:16 |
Mathew Hodson |
s390-tools (Ubuntu Xenial): importance |
Undecided |
High |
|
2020-12-01 07:26:18 |
Mathew Hodson |
s390-tools (Ubuntu Bionic): importance |
Undecided |
High |
|
2020-12-01 07:26:20 |
Mathew Hodson |
s390-tools (Ubuntu Eoan): importance |
Undecided |
High |
|
2020-12-01 07:26:22 |
Mathew Hodson |
s390-tools (Ubuntu Focal): importance |
Undecided |
High |
|
2020-12-01 18:11:30 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-184097 fr-883 severity-high targetmilestone-inin2004 verification-needed verification-needed-bionic verification-needed-xenial |
architecture-s39064 bugnameltc-184097 fr-883 severity-high targetmilestone-inin2004 verification-done verification-done-bionic verification-done-xenial |
|
2020-12-01 20:51:13 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-12-01 20:52:40 |
Launchpad Janitor |
s390-tools (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2020-12-01 21:00:32 |
Launchpad Janitor |
s390-tools (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-12-01 21:46:23 |
Dimitri John Ledkov |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|