Your message dated Sat, 26 Mar 2022 12:02:22 +0000
with message-id
<540de30a27d37c3ff416b94b1adf7ff2a2cab257.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates in 10.12
has caused the Debian Bug report #1000408,
regarding buster-pu: package libmodbus/3.1.4-2+deb10u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1000408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000408
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
The attached debdiff for libmodbus fixes CVE-2019-14462 and CVE-2019-14463
in Buster.
These CVEs are marked as no-dsa by the security team.
For both CVEs a unit test was added and the unit tests of the package
showed no errors.
Thorsten
diff -Nru libmodbus-3.1.4/debian/changelog libmodbus-3.1.4/debian/changelog
--- libmodbus-3.1.4/debian/changelog 2018-12-19 04:14:47.000000000 +0100
+++ libmodbus-3.1.4/debian/changelog 2021-11-20 22:03:02.000000000 +0100
@@ -1,3 +1,13 @@
+libmodbus (3.1.4-2+deb10u1) buster; urgency=high
+
+ * Non-maintainer upload by the LTS Team.
+ * CVE-2019-14462 + CVE-2019-14463
+ out of bound reads for MODBUS_FC_WRITE_MULTIPLE_REGISTERS and
+ MODBUS_FC_WRITE_MULTIPLE_COILS
+ * add unit test for CVEs above
+
+ -- Thorsten Alteholz <deb...@alteholz.de> Sat, 20 Nov 2021 22:03:02 +0100
+
libmodbus (3.1.4-2) unstable; urgency=medium
* Fix float endianness issue on big endian arch (Closes: #916345)
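Review bot: the entry `+ * CVE-2019-14462 + CVE-2019-14463` describes the bug (out-of-bound reads for the two write-multiple function codes) but not what the fix does; a short clause saying that the request's byte-count field is now validated against the number of coils/registers would tell a reader of the changelog which malformed requests are now rejected, and would also explain why two patches plus a unit-test patch are needed.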
diff -Nru libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-1.patch
libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-1.patch
--- libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-1.patch 1970-01-01
01:00:00.000000000 +0100
+++ libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-1.patch 2021-11-20
22:03:02.000000000 +0100
@@ -0,0 +1,37 @@
+commit 5ccdf5ef79d742640355d1132fa9e2abc7fbaefc
+Author: Stéphane Raimbault <stephane.raimba...@gmail.com>
+Date: Fri Jul 26 16:00:06 2019 +0200
+
+ Fix VD-1301 and VD-1302 vulnerabilities
+
+ This patch was contributed by Maor Vermucht and Or Peles from
+ VDOO Connected Trust.
+
+Index: libmodbus-3.1.4/src/modbus.c
+===================================================================
+--- libmodbus-3.1.4.orig/src/modbus.c 2021-11-20 23:48:42.253943045 +0100
++++ libmodbus-3.1.4/src/modbus.c 2021-11-20 23:48:42.249943044 +0100
+@@ -831,9 +831,10 @@
+ break;
+ case MODBUS_FC_WRITE_MULTIPLE_COILS: {
+ int nb = (req[offset + 3] << 8) + req[offset + 4];
++ int nb_bits = req[offset + 5];
+ int mapping_address = address - mb_mapping->start_bits;
+
+- if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb) {
++ if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb || nb_bits * 8 < nb) {
+ /* May be the indication has been truncated on reading because of
+ * invalid address (eg. nb is 0 but the request contains values to
+ * write) so it's necessary to flush. */
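Review bot: the name in `++ int nb_bits = req[offset + 5];` is misleading: byte 5 of a write-multiple-coils request is the byte-count field (the number of data bytes that follow), which is exactly why the new condition multiplies it by 8; naming it `nb_bytes`, as the registers case in the next hunk does, would make `nb_bits * 8 < nb` read correctly. Note also that this condition only rejects a byte count too small to hold `nb` coils; a byte count larger than needed still passes, so if the handler is expected to enforce the exact length, an equality check would be stricter.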
+@@ -862,9 +863,10 @@
+ break;
+ case MODBUS_FC_WRITE_MULTIPLE_REGISTERS: {
+ int nb = (req[offset + 3] << 8) + req[offset + 4];
++ int nb_bytes = req[offset + 5];
+ int mapping_address = address - mb_mapping->start_registers;
+
+- if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb) {
++ if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb || nb_bytes * 8 < nb) {
+ rsp_length = response_exception(
+ ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE,
+ "Illegal number of values %d in write_registers (max %d)\n",
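Review bot: `nb_bytes * 8 < nb` in the `MODBUS_FC_WRITE_MULTIPLE_REGISTERS` case is a copy of the coils condition and is wrong for registers: each register occupies two data bytes, so the byte count must be `nb * 2`, and the `* 8` form still accepts requests whose declared data is far shorter than what the handler will read. This is the copy/paste error corrected by `CVE-2019-14462-14463-2.patch` further down; since `-1` is never applied without `-2` in this series, folding the two into one patch would avoid carrying an intermediate incorrect state in the packaging tree.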
diff -Nru libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-2.patch
libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-2.patch
--- libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-2.patch 1970-01-01
01:00:00.000000000 +0100
+++ libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-2.patch 2021-11-20
22:03:02.000000000 +0100
@@ -0,0 +1,25 @@
+commit 6f915d4215c06be3c719761423d9b5e8aa3cb820
+Author: Stéphane Raimbault <stephane.raimba...@gmail.com>
+Date: Wed Jul 31 22:49:53 2019 +0200
+
+ Fix my so stupid fix for VD-1301 vulnerability
+
+ I can't believe I committed that copy/paste mistake.
+ Sorry Maor Vermucht and Or Peles, excepted naming your original
+ patch was OK.
+
+ Thank you Karl Palsson for your review.
+
+Index: libmodbus-3.1.4/src/modbus.c
+===================================================================
+--- libmodbus-3.1.4.orig/src/modbus.c 2021-11-20 23:48:46.985943366 +0100
++++ libmodbus-3.1.4/src/modbus.c 2021-11-20 23:48:46.985943366 +0100
+@@ -866,7 +866,7 @@
+ int nb_bytes = req[offset + 5];
+ int mapping_address = address - mb_mapping->start_registers;
+
+- if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb || nb_bytes * 8 < nb) {
++ if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb || nb_bytes != nb * 2) {
+ rsp_length = response_exception(
+ ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE,
+ "Illegal number of values %d in write_registers (max %d)\n",
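Review bot: `nb_bytes != nb * 2` is the right condition for registers, and the `||` ordering is sound because `nb` has already been bounded by `MODBUS_MAX_WRITE_REGISTERS` before `nb * 2` is compared. The exception message that follows, `"Illegal number of values %d in write_registers (max %d)\n"`, now also fires when `nb` is in range and only the byte count is inconsistent, which will mislead anyone reading the log; either a separate message for the byte-count mismatch or including `nb_bytes` in this one would make the rejection reason visible.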
diff -Nru libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-unit-test.patch
libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-unit-test.patch
--- libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-unit-test.patch
1970-01-01 01:00:00.000000000 +0100
+++ libmodbus-3.1.4/debian/patches/CVE-2019-14462-14463-unit-test.patch
2021-11-20 22:03:02.000000000 +0100
@@ -0,0 +1,50 @@
+commit ca3fcb1c98755e8f44c33a910af4db3c799ee63e
+Author: Stéphane Raimbault <stephane.raimba...@gmail.com>
+Date: Fri Jul 26 16:01:30 2019 +0200
+
+ Add unit tests for VD-1301 and VD-1302 vulnerabilities
+
+Index: libmodbus-3.1.4/tests/unit-test-client.c
+===================================================================
+--- libmodbus-3.1.4.orig/tests/unit-test-client.c 2021-11-21
00:02:25.506171374 +0100
++++ libmodbus-3.1.4/tests/unit-test-client.c 2021-11-21 00:02:25.502171373
+0100
+@@ -797,7 +797,6 @@
+ goto close;
+ }
+
+- /* Modbus write and read multiple registers */
+ rc = send_crafted_request(ctx, MODBUS_FC_WRITE_AND_READ_REGISTERS,
+ rw_raw_req, RW_RAW_REQ_LEN,
+ MODBUS_MAX_WR_READ_REGISTERS + 1, 0,
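Review bot: removing `/* Modbus write and read multiple registers */` above the `MODBUS_FC_WRITE_AND_READ_REGISTERS` request is unrelated to the CVE fix and leaves that test case undocumented; keep the comment, since this `send_crafted_request` call exercises the write-and-read function code rather than the handlers this patch changes.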
+@@ -805,8 +804,6 @@
+ if (rc == -1)
+ goto close;
+
+- /* Modbus write multiple registers with large number of values but a set a
+- small number of bytes in requests (not nb * 2 as usual). */
+ rc = send_crafted_request(ctx, MODBUS_FC_WRITE_MULTIPLE_REGISTERS,
+ write_raw_req, WRITE_RAW_REQ_LEN,
+ MODBUS_MAX_WRITE_REGISTERS + 1, 6,
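Review bot: moving the `/* ... not nb * 2 as usual */` comment away from this call is correct, because this request sends `MODBUS_MAX_WRITE_REGISTERS + 1` registers and is rejected by the range check regardless of the byte count; a one-line replacement comment stating that (too many registers, rejected by the range check) would keep the case self-explanatory now that the old comment has moved.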
+@@ -820,6 +817,22 @@
+ backend_length, backend_offset);
+ if (rc == -1)
+ goto close;
++
++ /* Modbus write multiple registers with large number of values but a set a
++ small number of bytes in requests (not nb * 2 as usual). */
++ rc = send_crafted_request(ctx, MODBUS_FC_WRITE_MULTIPLE_REGISTERS,
++ write_raw_req, WRITE_RAW_REQ_LEN,
++ MODBUS_MAX_WRITE_REGISTERS, 6,
++ backend_length, backend_offset);
++ if (rc == -1)
++ goto close;
++
++ rc = send_crafted_request(ctx, MODBUS_FC_WRITE_MULTIPLE_COILS,
++ write_raw_req, WRITE_RAW_REQ_LEN,
++ MODBUS_MAX_WRITE_BITS, 6,
++ backend_length, backend_offset);
++ if (rc == -1)
++ goto close;
+
+ /* Test invalid function code */
+ modbus_send_raw_request(ctx, invalid_fc_raw_req, INVALID_FC_REQ_LEN *
sizeof(uint8_t));
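Review bot: the two new `send_crafted_request` calls only exercise the undersized-byte-count rejection path (6 data bytes with `MODBUS_MAX_WRITE_REGISTERS` registers, and 6 with `MODBUS_MAX_WRITE_BITS` coils). There is no positive case checking that a request with a consistent byte count (`nb * 2` for registers, enough bytes to hold `nb` bits for coils) is still accepted at the maximum, and no case for a coils byte count larger than `nb` needs, which the new check deliberately lets through; adding the positive case in particular would have caught the `nb_bytes * 8 < nb` mistake that the second patch had to fix.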
diff -Nru libmodbus-3.1.4/debian/patches/series
libmodbus-3.1.4/debian/patches/series
--- libmodbus-3.1.4/debian/patches/series 2018-12-19 03:29:41.000000000
+0100
+++ libmodbus-3.1.4/debian/patches/series 2021-11-20 22:03:02.000000000
+0100
@@ -1,2 +1,6 @@
Fix-typo.patch
Fix-float-endianness-issue-on-big-endian-arch.patch
+
+CVE-2019-14462-14463-1.patch
+CVE-2019-14462-14463-2.patch
+CVE-2019-14462-14463-unit-test.patch
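Review bot: the order is right, since `CVE-2019-14462-14463-2.patch` rewrites a line that `CVE-2019-14462-14463-1.patch` introduces, but the added blank line before the new entries is unusual in a `series` file and serves no purpose; drop it. The upstream commit ids currently live only in the pasted `commit` lines at the top of each patch; recording them as DEP-3 `Origin:` headers would make the provenance machine-readable.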
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.12
Hi,
The updates referenced in these requests were included in oldstable as
part of today's 10.12 point release.
Regards,
Adam
--- End Message ---