Subject: unblock: aircrack-ng/1:1.2-0~beta3-2

Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Severity: important
X-Debbugs-CC: car...@debian.org

Please unblock package aircrack-ng

It fixes 4 security vulnerabilities. (#767979)

https://security-tracker.debian.org/tracker/CVE-2014-8321
https://security-tracker.debian.org/tracker/CVE-2014-8322
https://security-tracker.debian.org/tracker/CVE-2014-8323
https://security-tracker.debian.org/tracker/CVE-2014-8324

Attached is the debdiff against the package in testing.

unblock aircrack-ng/1:1.2-0~beta3-2

diff -Nru aircrack-ng-1.2-0~beta3/debian/changelog aircrack-ng-1.2-0~beta3/debian/changelog --- aircrack-ng-1.2-0~beta3/debian/changelog 2014-05-30 19:40:13.000000000 +0200 +++ aircrack-ng-1.2-0~beta3/debian/changelog 2014-11-12 00:16:47.000000000 +0100 @@ -1,3 +1,14 @@ +aircrack-ng (1:1.2-0~beta3-2) unstable; urgency=high + + * Fix the following security vulnerabilities: (Closes: #767979) + * CVE-2014-8321 - GPS stack overflow. + * CVE-2014-8322 - tcp_test stack overflow. + * CVE-2014-8323 - buddy-ng missing checkin data format. + * CVE-2014-8324 - net_get missing check for invalid values. + * Add missing dh-python package to Build-Depends. + + -- Carlos Alberto Lopez Perez <clo...@igalia.com> Tue, 11 Nov 2014 23:41:52 +0100 + aircrack-ng (1:1.2-0~beta3-1) unstable; urgency=low * New upstream release. diff -Nru aircrack-ng-1.2-0~beta3/debian/control aircrack-ng-1.2-0~beta3/debian/control --- aircrack-ng-1.2-0~beta3/debian/control 2014-05-30 18:39:20.000000000 +0200 +++ aircrack-ng-1.2-0~beta3/debian/control 2014-11-12 00:15:54.000000000 +0100 @@ -5,6 +5,7 @@ Homepage: http://www.aircrack-ng.org/ Build-Depends: debhelper (>= 9), + dh-python, libgcrypt20-dev | libgcrypt11-dev, libnl-genl-3-dev [linux-any], libpcap0.8-dev, diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff --- aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff 2014-11-11 23:52:09.000000000 +0100 
@@ -0,0 +1,26 @@ +From ff70494dd389ba570dbdbf36f217c28d4381c6b5 Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotre...@aircrack-ng.org> +Date: Fri, 3 Oct 2014 01:51:21 +0000 +Subject: [PATCH] Airodump-ng: Fixed GPS stack overflow (Closes #13 on GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2416 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/airodump-ng.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/airodump-ng.c b/src/airodump-ng.c +index 6cec912..222492c 100644 +--- a/src/airodump-ng.c ++++ b/src/airodump-ng.c +@@ -4497,7 +4497,7 @@ void gps_tracker( void ) + } + + // New version, JSON +- if( recv( gpsd_sock, line + pos, sizeof( line ) - 1, 0 ) <= 0 ) ++ if( recv( gpsd_sock, line + pos, sizeof( line ) - pos - 1, 0 ) <= 0 ) + return; + + // search for TPV class: {"class":"TPV" +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff --- aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff 2014-11-11 23:52:57.000000000 +0100 
@@ -0,0 +1,27 @@ +From 091b153f294b9b695b0b2831e65936438b550d7b Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotre...@aircrack-ng.org> +Date: Fri, 3 Oct 2014 01:53:50 +0000 +Subject: [PATCH] Aireplay-ng: Fixed tcp_test stack overflow (Closes #14 on + GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2417 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/aireplay-ng.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/aireplay-ng.c b/src/aireplay-ng.c +index 7335442..b397015 100644 +--- a/src/aireplay-ng.c ++++ b/src/aireplay-ng.c +@@ -5398,6 +5398,8 @@ int tcp_test(const char* ip_str, const short port) + if( (unsigned)caplen == sizeof(nh)) + { + len = ntohl(nh.nh_len); ++ if (len > 1024 || len < 0) ++ continue; + if( nh.nh_type == 1 && i==0 ) + { + i=1; +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff --- aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff 2014-11-11 23:53:42.000000000 +0100 
@@ -0,0 +1,26 @@ +From da087238963c1239fdabd47dc1b65279605aca70 Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotre...@aircrack-ng.org> +Date: Fri, 3 Oct 2014 01:58:02 +0000 +Subject: [PATCH] Buddy-ng: Fixed segmentation fault (Closes #15 on GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2418 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/buddy-ng.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/buddy-ng.c b/src/buddy-ng.c +index 8a7927c..8da8996 100644 +--- a/src/buddy-ng.c ++++ b/src/buddy-ng.c +@@ -83,6 +83,8 @@ int handle(int s, unsigned char* data, int len, struct sockaddr_in *s_in) + *cmd++ = htons(S_CMD_PACKET); + *cmd++ = *pid; + plen = len - 2; ++ if (plen < 0) ++ return 0; + + last_id = ntohs(*pid); + if (last_id > 20000) +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff --- aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff 2014-11-11 23:54:55.000000000 +0100 
@@ -0,0 +1,27 @@ +From 88702a3ce4c28a973bf69023cd0312f412f6193e Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotre...@aircrack-ng.org> +Date: Fri, 3 Oct 2014 02:00:34 +0000 +Subject: [PATCH] OSdep: Fixed segmentation fault that happens with a malicious + server sending a negative length (Closes #16 on GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2419 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/osdep/network.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/osdep/network.c b/src/osdep/network.c +index 4f0f8b2..4ebfaf4 100644 +--- a/src/osdep/network.c ++++ b/src/osdep/network.c +@@ -131,7 +131,7 @@ int net_get(int s, void *arg, int *len) + if (!(plen <= *len)) + printf("PLEN %d type %d len %d\n", + plen, nh.nh_type, *len); +- assert(plen <= *len); /* XXX */ ++ assert(plen <= *len && plen > 0); /* XXX */ + + *len = plen; + if ((*len) && (net_read_exact(s, arg, *len) == -1)) +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/series aircrack-ng-1.2-0~beta3/debian/patches/series --- aircrack-ng-1.2-0~beta3/debian/patches/series 2014-05-20 20:31:44.000000000 +0200 +++ aircrack-ng-1.2-0~beta3/debian/patches/series 2014-11-11 23:59:00.000000000 +0100 @@ -2,3 +2,7 @@ 001-Airodump_whitespace_oui.diff 002-fix-libnl-detection.diff 003-dont-abort-libnl-nolinux.diff +004-CVE-2014-8321.diff +005-CVE-2014-8322.diff +006-CVE-2014-8323.diff +007-CVE-2014-8324.diff
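
Review bot: In the debian/changelog hunk, the CVE-2014-8323 line "buddy-ng missing checkin data format" does not read as a description of the fix. The patch it refers to (006-CVE-2014-8323.diff) adds a length check (`plen < 0`) to handle(), so wording such as "buddy-ng: missing length check on received data" would match what the change does and make the entry searchable.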
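
Review bot: In 004-CVE-2014-8321.diff (gps_tracker), the new size argument `sizeof( line ) - pos - 1` is evaluated in unsigned arithmetic because of sizeof, and nothing in the hunk bounds pos before the call. If pos reaches sizeof( line ) - 1, recv() is asked for 0 bytes, returns 0, and the function returns as if the connection had closed; if pos is larger than that, the subtraction wraps to a very large length and the overflow is reachable again. Suggest an explicit guard before the recv(), for example resetting pos or returning when `pos >= sizeof( line ) - 1`.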
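
Review bot: In 005-CVE-2014-8322.diff (tcp_test), the bound in `if (len > 1024 || len < 0)` is a bare literal with no visible link to the buffer it protects; derive it from the destination buffer with sizeof so the check cannot drift if the buffer size changes. The `len < 0` half only has an effect if len is a signed type, since the value comes from ntohl(), which returns an unsigned 32-bit integer; a short comment saying so, or comparing the unsigned value against the limit before assigning it, would make the intent clear. The hunk also does not show whether `continue` discards the rejected message's payload or leaves it in the stream to be read as the next header, which is worth confirming.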
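
Review bot: In 006-CVE-2014-8323.diff (handle), the `plen < 0` check sits after `*cmd++ = *pid;`, so pid has already been dereferenced by the time a too-short packet is rejected. If pid points into data, a packet with len < 2 is still read past its end before the early return. Move the length test ahead of the first use of pid, and state it on len directly (`if (len < 2) return 0;`) so the minimum packet size is obvious.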
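
Review bot: In 007-CVE-2014-8324.diff (net_get), the length received from the peer is validated only by assert(): a build with NDEBUG drops the check entirely, and a build without it lets the malicious server named in the commit message abort the client with a single bad header. Replace the assert with a real test that fails the call, for example `if (plen < 0 || plen > *len) return -1;`. Note also that `plen > 0` now rejects a zero-length payload, while the following `if ((*len) && ...)` is written to tolerate *len == 0, so `plen >= 0` looks like the intended lower bound.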