Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
I'd like to update slurm-llnl in the next stable point release to fix a security vulnerability (CVE-2019-6438) on 32-bit systems that would potentially allow heap-overflow. debdiff attached, diffstat follows: changelog | 7 +++++ patches/CVE-2019-6438 | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 75 insertions(+) Thanks -- Gennaro Oliva
diff -Nru slurm-llnl-16.05.9/debian/changelog slurm-llnl-16.05.9/debian/changelog --- slurm-llnl-16.05.9/debian/changelog 2018-07-23 12:00:49.000000000 +0200 +++ slurm-llnl-16.05.9/debian/changelog 2019-02-21 17:24:53.000000000 +0100 @@ -1,3 +1,10 @@ +slurm-llnl (16.05.9-1+deb9u3) stretch; urgency=medium + + * Fix CVE-2019-6438 by adding mitigation for a potential + heap-overflow on 32-bit systems (Closes: #920997) + + -- Gennaro Oliva <oliv...@na.icar.cnr.it> Thu, 21 Feb 2019 17:24:53 +0100 + slurm-llnl (16.05.9-1+deb9u2) stretch-security; urgency=high * Fix CVE-2018-10995 caused by mishandling user names (aka user_name diff -Nru slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 --- slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 1970-01-01 01:00:00.000000000 +0100 +++ slurm-llnl-16.05.9/debian/patches/CVE-2019-6438 2019-02-21 17:19:14.000000000 +0100 @@ -0,0 +1,67 @@ +Description: Add mitigation for a potential heap-overflow on 32-bit systems + Force intermediate values to uint64_t to catch the potential overflow + This patch was adapted from the changes of the 17.11 upstream branch +Author: Gennaro Oliva <oliv...@na.icar.cnr.it> +Bug-Debian: https://bugs.debian.org/920997 +Origin: https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda +Forwarded: no +Last-Update: 2019-02-12 + +--- a/src/common/xmalloc.c ++++ b/src/common/xmalloc.c +@@ -72,13 +72,17 @@ static void malloc_assert_failed(char *, + * clear (IN) initialize to zero + * RETURN pointer to allocate heap space + */ +-void *slurm_xmalloc(size_t size, bool clear, ++void *slurm_xmalloc(uint64_t size, bool clear, + const char *file, int line, const char *func) + { + void *new; + size_t *p; + size_t total_size = size + 2 * sizeof(size_t); + ++ ++ if (size > 0xffffffff) ++ fatal("attempt at overflow"); ++ + if (clear) + p = calloc(1, total_size); + else +--- slurm-llnl-16.05.9.orig/src/common/xmalloc.h ++++ slurm-llnl-16.05.9/src/common/xmalloc.h +@@ -76,6 +76,8 @@ + #ifndef _XMALLOC_H + #define _XMALLOC_H + ++#include <stdint.h> ++ + #if HAVE_SYS_TYPES_H + # include <sys/types.h> + #endif +@@ -83,13 +85,13 @@ + #include "macros.h" + + #define xmalloc(__sz) \ +- slurm_xmalloc (__sz, true, __FILE__, __LINE__, __CURRENT_FUNC__) ++ slurm_xmalloc ((uint64_t) __sz, true, __FILE__, __LINE__, __CURRENT_FUNC__) + + #define xmalloc_nz(__sz) \ +- slurm_xmalloc (__sz, false, __FILE__, __LINE__, __CURRENT_FUNC__) ++ slurm_xmalloc ((uint64_t) __sz, false, __FILE__, __LINE__, __CURRENT_FUNC__) + + #define try_xmalloc(__sz) \ +- slurm_try_xmalloc(__sz, __FILE__, __LINE__, __CURRENT_FUNC__) ++ slurm_try_xmalloc((uint64_t) __sz, __FILE__, __LINE__, __CURRENT_FUNC__) + + #define xfree(__p) \ + slurm_xfree((void **)&(__p), __FILE__, __LINE__, __CURRENT_FUNC__) +@@ -109,7 +111,7 @@ + #define xsize(__p) \ + slurm_xsize((void *)__p, __FILE__, __LINE__, __CURRENT_FUNC__) + +-void *slurm_xmalloc(size_t, bool, const char *, int, const char *); ++void *slurm_xmalloc(uint64_t, bool, const char *, int, const char *); + void *slurm_try_xmalloc(size_t , const char *, int , const char *); + void slurm_xfree(void **, const char *, int, const char *); + void *slurm_xrealloc(void **, size_t, bool, const char *, int, const char *); diff -Nru slurm-llnl-16.05.9/debian/patches/series slurm-llnl-16.05.9/debian/patches/series --- slurm-llnl-16.05.9/debian/patches/series 2018-06-22 09:53:34.000000000 +0200 +++ slurm-llnl-16.05.9/debian/patches/series 2019-02-21 17:19:14.000000000 +0100 @@ -5,3 +5,4 @@ CVE-2017-15566 CVE-2018-10995 CVE-2018-7033 +CVE-2019-6438
