Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package util-linux
[ Reason ]
Fix for security bug CVE-2021-37600, reported as Debian bug #991619
[ Impact ]
Security issue remains open. From an util-linux perspective, I think
this is a local (=non-remote) issue.
[ Tests ]
util-linux build-time tests cover ipcs and lsipc, which are the two
affected commands.
[ Risks ]
The security bug is in a shared static .c file, used by the ipcs and
lsipc commands. I hope that ipc shmem/queue/semaphore users do not shell
out to ipcs/lsipc, and instead use some library. If this is true, only
"inspection" use cases of local admins would possibly break.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
util-linux builds udebs. debian-boot@ is x-cc'ed.
unblock util-linux/2.36.1-8
diff -Nru util-linux-2.36.1/debian/changelog util-linux-2.36.1/debian/changelog
--- util-linux-2.36.1/debian/changelog 2021-02-07 14:38:19.000000000 +0000
+++ util-linux-2.36.1/debian/changelog 2021-07-28 19:09:07.000000000 +0000
@@ -1,3 +1,9 @@
+util-linux (2.36.1-8) unstable; urgency=medium
+
+ * Apply upstream patch for CVE-2021-37600 (Closes: #991619)
+
+ -- Chris Hofstaedtler <z...@debian.org> Wed, 28 Jul 2021 19:09:07 +0000
+
util-linux (2.36.1-7) unstable; urgency=medium
* libmount: allow --read-only for not-root users.
diff -Nru util-linux-2.36.1/debian/patches/series
util-linux-2.36.1/debian/patches/series
--- util-linux-2.36.1/debian/patches/series 2021-02-07 14:38:19.000000000
+0000
+++ util-linux-2.36.1/debian/patches/series 2021-07-28 19:09:07.000000000
+0000
@@ -6,3 +6,4 @@
debian/verbose-tests.patch
upstream/libmount-do-not-canonicalize-ZFS-source-dataset.patch
upstream/libmount-allow-read-only-for-not-root-users.patch
+upstream/CVE-2021-37600-sys-utils-ipcutils-be-careful-when-call-calloc.patch
diff -Nru
util-linux-2.36.1/debian/patches/upstream/CVE-2021-37600-sys-utils-ipcutils-be-careful-when-call-calloc.patch
util-linux-2.36.1/debian/patches/upstream/CVE-2021-37600-sys-utils-ipcutils-be-careful-when-call-calloc.patch
---
util-linux-2.36.1/debian/patches/upstream/CVE-2021-37600-sys-utils-ipcutils-be-careful-when-call-calloc.patch
1970-01-01 00:00:00.000000000 +0000
+++
util-linux-2.36.1/debian/patches/upstream/CVE-2021-37600-sys-utils-ipcutils-be-careful-when-call-calloc.patch
2021-07-28 19:09:07.000000000 +0000
@@ -0,0 +1,23 @@
+From: Karel Zak <k...@redhat.com>
+Date: Tue, 27 Jul 2021 11:58:31 +0200
+Subject: sys-utils/ipcutils: be careful when call calloc() for uint64 nmembs
+
+Fix: https://github.com/karelzak/util-linux/issues/1395
+Signed-off-by: Karel Zak <k...@redhat.com>
+---
+ sys-utils/ipcutils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c
+index 674b612..f2b04dd 100644
+--- a/sys-utils/ipcutils.c
++++ b/sys-utils/ipcutils.c
+@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p)
+ {
+ size_t i;
+
+- if (!p || !p->sem_nsems || p->sem_perm.id < 0)
++ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id <
0)
+ return;
+
+ p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem));
