Bug#714745:

2017-01-31 Thread Kristian Erik Hermansen
can confirm this bug in debian stretch still exists.

the bug is more broad than the description provided by the original
poster. it appears that ANY package that is a dependency of a package
to be upgraded can block the security update of the parent package. as
such, the package continues to remain vulnerable and exploitable.

https://security-tracker.debian.org/tracker/CVE-2017-5019

notice that stretch and sid are still vulnerable. the fix has only
been deployed to stable (as a side note, this is also one example of
why you SHOULD NOT be running testing or sid as your main distro, as
Micah Lee, famed Snowden journalist, does and can be targeted as such
because fixes go into stable, sometimes long before sid and testing).
so, i wouldn't recommend a "YOLO" approach to running debian sid as
your main distro [1] exactly for that reason. if you are running
testing or sid, here is a snapshot of the updated packages as of today
showing that you are still vulnerable. similar problems apply to other
more important packages, like libc, openssl, kernels, etc.

jessie (security) 56.0.2924.76-1~deb8u1 fixed
stretch 55.0.2883.75-3 vulnerable
sid 55.0.2883.75-6 vulnerable

anyway, this is also a great confirmation of the bug because the
chromium update is blocked on libpng12-0, which is required for the
update to proceed.

$ apt-cache policy chromium
chromium:
  Installed: 55.0.2883.75-3
  Candidate: 56.0.2924.76-1~deb8u1
  Version table:
 56.0.2924.76-1~deb8u1 500
500 https://deb.debian.org/debian-security stable/updates/main
amd64 Packages
...

$ cat /etc/apt/apt.conf.d/50unattended-upgrades | egrep -i security
"label=Debian-Security";

$ apt list --upgradable
Listing... Done
chromium/stable 56.0.2924.76-1~deb8u1 amd64 [upgradable from: 55.0.2883.75-3]
...

$ sudo unattended-upgrade -d --dry-run
...
Starting unattended upgrades script
Allowed origins are: ['label=Debian-Security']
Checking: chromium ([])
pkg 'libpng12-0' not in allowed origin
sanity check failed

see above that the update to chromium is blocked on libpng12-0, which
was not required in the prior release

$ msg="Requires libpgn12-0?:"; apt show chromium=55.0.2883.75-3
2>/dev/null | egrep -q libpng12-0; if [[ $? -eq 0 ]]; then echo
"${msg} YES"; else echo "${msg} NO"; fi
Requires libpgn12-0?: NO

$ msg="Requires libpgn12-0?:"; apt show chromium=56.0.2924.76-1~deb8u1
2>/dev/null | egrep -q libpng12-0; if [[ $? -eq 0 ]]; then echo
"${msg} YES"; else echo "${msg} NO"; fi
Requires libpgn12-0?: YES

why is it such a big deal? because "yolo"s get pwned, so stay safe...

[$8837][671102] High CVE-2017-5007: Universal XSS in Blink. Credit to
Mariusz Mlynski
[$8000][673170] High CVE-2017-5006: Universal XSS in Blink. Credit to
Mariusz Mlynski
[$8000][668552] High CVE-2017-5008: Universal XSS in Blink. Credit to
Mariusz Mlynski
[$7500][663476] High CVE-2017-5010: Universal XSS in Blink. Credit to
Mariusz Mlynski
[$3000][662859] High CVE-2017-5011: Unauthorised file access in
Devtools. Credit to Khalil Zhani
[$3000][667504] High CVE-2017-5009: Out of bounds memory access in
WebRTC. Credit to Sean Stanek and Chip Bradford
[$5500][681843] High CVE-2017-5012: Heap overflow in V8. Credit to
Gergely Nagy (Tresorit)
[$2000][677716] Medium CVE-2017-5013: Address spoofing in Omnibox.
Credit to Haosheng Wang (@gnehsoah)
[$2000][675332] Medium CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
[$2000][673971] Medium CVE-2017-5015: Address spoofing in Omnibox.
Credit to Armin Razmdjou
[$2000][666714] Medium CVE-2017-5019: Use after free in Renderer.
Credit to Wadih Matar
[$1000][673163] Medium CVE-2017-5016: UI spoofing in Blink. Credit to
Haosheng Wang (@gnehsoah)
[$500][676975] Medium CVE-2017-5017: Uninitialised memory access in
webm video. Credit to danberm
[$500][668665] Medium CVE-2017-5018: Universal XSS in chrome://apps.
Credit to Rob Wu
[$TBD][668653] Medium CVE-2017-5020: Universal XSS in
chrome://downloads. Credit to Rob Wu
[$N/A][663726] Low CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
[$N/A][663620] Low CVE-2017-5022: Bypass of Content Security Policy in
Blink. Credit to 李普君 of 无声信息技术PKAV Team
[$N/A][651443] Low CVE-2017-5023: Type confusion in metrics. Credit to
the UK's National Cyber Security Centre (NCSC)
[$N/A][643951] Low CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta
[$N/A][643950] Low CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta
[$500][634108] Low CVE-2017-5026: UI spoofing. Credit to Ronni Skansing

[1] https://micahflee.com/2016/01/debian-grsecurity/
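An added example, not code from the bug report or from unattended-upgrades itself: it parses the `unattended-upgrade -d --dry-run` debug lines quoted above and reports which security upgrades were blocked and on which dependency, so the blocked update can be alerted on instead of silently skipped. The second blocked package in the sample log is constructed to show the parser handling several blocking dependencies.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample of `unattended-upgrade -d --dry-run` output, modelled on
# the chromium/libpng12-0 lines quoted in the report; the "examplepkg" block
# is invented to exercise the multi-dependency case.
SAMPLE_LOG = """\
Starting unattended upgrades script
Allowed origins are: ['label=Debian-Security']
Checking: chromium ([])
pkg 'libpng12-0' not in allowed origin
sanity check failed
Checking: examplepkg ([])
pkg 'libfoo1' not in allowed origin
pkg 'libbar2' not in allowed origin
sanity check failed
"""

ORIGINS_RE = re.compile(r"^Allowed origins are: (.*)$")
CHECKING_RE = re.compile(r"^Checking: (\S+) \(")
BLOCKED_RE = re.compile(r"^pkg '([^']+)' not in allowed origin")


@dataclass
class BlockedUpdate:
    package: str                       # package whose upgrade was refused
    blocking_deps: List[str] = field(default_factory=list)


def parse_unattended_log(text: str) -> Tuple[Optional[str], List[BlockedUpdate]]:
    """Return (allowed-origins string, blocked upgrades) from the debug output."""
    origins: Optional[str] = None
    current: Optional[str] = None       # package named by the last "Checking:" line
    blocked: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if m := ORIGINS_RE.match(line):
            origins = m.group(1)
        elif m := CHECKING_RE.match(line):
            current = m.group(1)
        elif (m := BLOCKED_RE.match(line)) and current:
            # A dependency outside the allowed origins vetoes the whole upgrade.
            blocked.setdefault(current, []).append(m.group(1))
        elif line.startswith("sanity check failed"):
            current = None
    return origins, [BlockedUpdate(p, d) for p, d in blocked.items()]


def alert_lines(text: str) -> List[str]:
    """One human-readable alert per blocked upgrade, for a cron/monitoring job."""
    origins, blocked = parse_unattended_log(text)
    return [f"{b.package}: upgrade blocked, deps outside {origins}: "
            + ", ".join(b.blocking_deps) for b in blocked]
```

Feeding the real debug output to `alert_lines` from a daily job turns the silent "sanity check failed" into a visible alert that the package still needs a manual `apt upgrade`.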



Bug#849330: Info received ()

2017-01-30 Thread Kristian Erik Hermansen
also affects kernel 4.9.

1768 /*
1769  * allocate dram shared table, it is an aligned memory
1770  * block of ICT_SIZE.
1771  * also reset all data related to ICT table interrupt.
1772  */
1773 int iwl_pcie_alloc_ict(struct iwl_trans *trans)
1774 {
1775         struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
1776
1777         trans_pcie->ict_tbl =
1778                 dma_zalloc_coherent(trans->dev, ICT_SIZE,
1779                                     &trans_pcie->ict_tbl_dma,
1780                                     GFP_KERNEL);
1781         if (!trans_pcie->ict_tbl)
1782                 return -ENOMEM;
1783
1784         /* just an API sanity check ... it is guaranteed to be aligned */
1785         if (WARN_ON(trans_pcie->ict_tbl_dma & (ICT_SIZE - 1))) {
1786                 iwl_pcie_free_ict(trans);
1787                 return -EINVAL;
1788         }
1789
1790         return 0;
1791 }

the bug appears at:

1784 /* just an API sanity check ... it is guaranteed to be aligned */

so in fact it does NOT appear to be "guaranteed to be aligned". the
assumption may be wrong

some other debug / error data:

[ 3564.850843] iwlwifi: unknown parameter 'mac80211' ignored
...
[ 3574.279039] thermal thermal_zone2: failed to read out thermal zone (-5)
...
[ 3578.745673] iwlwifi :03:00.0: Microcode SW error detected.
Restarting 0x200.
...
[ 3578.746307]   8b928b84 8d4e937a0018
a88b070cf400
[ 3578.746309]  c0ad296d 8d4e 8d4e92c570c0
8b6b8ca0
[ 3578.746310]  a88b070cf390 a88b070cf390 c3fd1710
a88b070cf400
[ 3578.746312] Call Trace:
[ 3578.746315]  [] ? dump_stack+0x5c/0x78
[ 3578.746320]  [] ?
iwl_trans_pcie_send_hcmd+0x3cd/0x4e0 [iwlwifi]
[ 3578.746322]  [] ? prepare_to_wait_event+0xf0/0xf0
[ 3578.746327]  [] ? iwl_mvm_send_cmd+0x23/0x80 [iwlmvm]
[ 3578.746330]  [] ? iwl_mvm_send_cmd_pdu+0x4f/0x70 [iwlmvm]
[ 3578.746332]  [] ?
iwl_send_paging_cmd.isra.16+0xf4/0x120 [iwlmvm]
[ 3578.746334]  [] ?
iwl_mvm_load_ucode_wait_alive+0x641/0x7a0 [iwlmvm]
[ 3578.746335]  [] ? 0xc0f41000
[ 3578.746338]  [] ?
iwl_trans_pcie_start_hw+0xf2/0x2d0 [iwlwifi]
[ 3578.746340]  [] ? iwl_mvm_up+0x12b/0x5f0 [iwlmvm]
[ 3578.746342]  [] ? skb_dequeue+0x52/0x60
[ 3578.746344]  [] ? wireless_nlevent_flush+0x4f/0x90
[ 3578.746359]  [] ? __iwl_mvm_mac_start+0x207/0x310 [iwlmvm]
[ 3578.746361]  [] ? update_sd_lb_stats+0xe6/0x4b0
[ 3578.746363]  [] ? iwl_mvm_mac_start+0x46/0x110 [iwlmvm]
[ 3578.746374]  [] ? drv_start+0x3a/0xf0 [mac80211]
[ 3578.746381]  [] ? ieee80211_do_open+0x295/0x980 [mac80211]
[ 3578.746389]  [] ?
ieee80211_check_concurrent_iface+0x11a/0x1e0 [mac80211]
[ 3578.746391]  [] ? __dev_open+0xc2/0x140
[ 3578.746393]  [] ? __dev_change_flags+0x96/0x150
[ 3578.746394]  [] ? dev_change_flags+0x23/0x60
[ 3578.746395]  [] ? do_setlink+0x30e/0xd20
[ 3578.746397]  [] ? __nla_reserve+0x38/0x50
[ 3578.746398]  [] ? __nla_put+0xc/0x20
[ 3578.746399]  [] ? inet6_fill_ifla6_attrs+0x416/0x430
[ 3578.746401]  [] ? inet6_fill_link_af+0x16/0x30
[ 3578.746402]  [] ? rtnl_fill_ifinfo+0xac2/0xf50
[ 3578.746403]  [] ? rtnl_newlink+0x5c6/0x870
[ 3578.746404]  [] ? __netlink_sendskb+0x38/0x60
[ 3578.746406]  [] ? fib6_clean_node+0x85/0x170
[ 3578.746408]  [] ? security_capable+0x41/0x60
[ 3578.746409]  [] ? rtnetlink_rcv_msg+0xe1/0x220
[ 3578.746410]  [] ? rtnl_newlink+0x870/0x870
[ 3578.746412]  [] ? netlink_rcv_skb+0xa1/0xc0
[ 3578.746413]  [] ? rtnetlink_rcv+0x24/0x30
[ 3578.746414]  [] ? netlink_unicast+0x184/0x230
[ 3578.746415]  [] ? netlink_sendmsg+0x2f8/0x3b0
[ 3578.746416]  [] ? sock_sendmsg+0x30/0x40
[ 3578.746417]  [] ? ___sys_sendmsg+0x2c2/0x2d0
[ 3578.746419]  [] ? proc_get_long.constprop.13+0x11d/0x1b0
[ 3578.746420]  [] ? __do_proc_dointvec+0x33d/0x400
[ 3578.746421]  [] ? do_proc_douintvec_conv+0x30/0x30
[ 3578.746422]  [] ? __do_proc_dointvec+0x33d/0x400
[ 3578.746424]  [] ? lockref_put_or_lock+0x5a/0x80
[ 3578.746425]  [] ? dput+0x175/0x250
[ 3578.746426]  [] ? __sys_sendmsg+0x51/0x90
[ 3578.746428]  [] ? system_call_fast_compare_end+0xc/0x9b
...

[ 3579.369654] WARNING: CPU: 5 PID: 6215 at
/build/linux-fgnWKv/linux-4.9.2/drivers/net/wireless/intel/iwlwifi/pcie/rx.c:1784
iwl_pcie_alloc_ict+0xde/0x100 [iwlwifi]



Bug#849330:

2017-01-30 Thread Kristian Erik Hermansen
can confirm this bug.

removing 8000-C ucode 22 firmware stub works. before removing, you
will get errors 99% of the time upon driver load similar to below:

"pcie/rx.c iwl_pcie_alloc_ict"

"iwlwifi: probe of" "failed with error -22"

in rx.c in function iwl_pcie_alloc_ict around line ~1700 (1747?)

could be a memory alignment issue with zalloc upon loading the newer
(broken) firmware for the 8260 (rev3a)?

just some thoughts

again, to reiterate the temporary workaround, just:

$ sudo rm /lib/firmware/iwlwifi-8000C-22.ucode

and then ensure this gets fixed upstream in iwlwifi-8000C-22.ucode
before installing any firmware-iwlwifi updates or hold the package:

$ sudo apt-mark hold firmware-iwlwifi

remove the hold if / when it gets fixed in debian later:

$ sudo apt-mark unhold firmware-iwlwifi



Bug#672449: x11vnc: Option -no6 and -noipv6 do not seem to have effect

2014-07-23 Thread Kristian Erik Hermansen
This bug is STILL present. Also, using the proposed workaround
"-rfbportv6 -1" does not seem to have any effect. Is the Debian
maintainer active with the upstream developers and looking into a fix?
The proper solution is to actually make the "-no6" option NOT bind to
any IPv6 / tcp6 interface. For instance, in order to fix this bug and
verify it, please ensure the following behavior is corrected:

Example:
"""
# x11vnc -safer -listen 127.0.0.1 -no6 -bg -display :0 2>&1 | egrep -i 'tcp6'
23/07/2014 14:48:42 Autoprobing TCP6 port
23/07/2014 14:48:42 Autoprobing selected TCP6 port 5900
# netstat -plnt | egrep '^tcp6.*/x11vnc' && echo ' THIS HERE MEANS
THE "-no6" OPTION IS NOT WORKING'
tcp6   0  0 :::5900 :::*
LISTEN  9045/x11vnc
 THIS HERE MEANS THE "-no6" OPTION IS NOT WORKING
"""
-- 
Regards,

Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#634930: gpa: GPA unusable due to "General Assuan error"

2012-01-18 Thread Kristian Erik Hermansen
I was able to compile my own version that works fine. Here is how
Debian -- or anyone else that wants to -- can fix the error. There are
two options:

Option 1:
* Debian / Ubuntu need to reintroduce gpa into the repos again, but
make gpa depend on libassuan-dev (v1 only -- not v2).
* libassuan-dev was recently upgraded to v2, so this broke gpa.
* To build properly, the config script MUST be set to assuan API v1,
not v2 (should be already).

Option 2:
* Allow gpa to depend on libassuan-dev v2.
* However, to do this, gpa MUST use the new assuan v2 API and change a
few function call stubs which violate the new v2 API (using v1 API
call stubs).
* Then gpa should build fine using the new assuan v2 API.

Cheers,
-- 
Kristian Erik Hermansen
https://profiles.google.com/kristian.hermansen






Bug#498020:

2009-02-14 Thread Kristian Erik Hermansen
Yes, please send the patch to the nmap debian package maintainer!!!  Thanks :-)
-- 
Kristian Erik Hermansen






Bug#406569:

2008-12-12 Thread Kristian Erik Hermansen
Has this been fixed?  I would like to confirm this bug is still
present as of today's stable release :-(
-- 
Kristian Erik Hermansen
\xeb\xfe






Bug#323420: Metasploit 3.2 will have new BSD license

2008-11-11 Thread Kristian Erik Hermansen
On Thu, Nov 6, 2008 at 1:22 AM, Luciano Bello <[EMAIL PROTECTED]> wrote:
> Kristian, anarcat and James,
> It looks like you are interested in helping with this package. Do you
> agree if we wait for the 3.2 release to start packaging it?

Agreed.  We will begin after 3.2 is out.  Regards...
-- 
Kristian Erik Hermansen
http://kristian-hermansen.blogspot.com







Bug#323420: Metasploit 3.2 will have new BSD license

2008-11-05 Thread Kristian Erik Hermansen
On Wed, Nov 5, 2008 at 10:05 AM, Luciano Bello <[EMAIL PROTECTED]> wrote:
> On Fri, 10 Oct 2008, Kristian Erik Hermansen wrote:
>> Please be advised that inclusion of Metasploit 3.2 will be much easier
>> given the news that a BSD licensed release of Metasploit 3.2 will be
>> available soon!
>> http://www.metasploit.com/blog/#blog-0
>
> Sorry for the delay, I'm VACed these days (until mid-november).
>
> IIRC, the problem is with the copyright in the payloads and shellcodes. Can 
> you check it?

I don't believe that is an issue any longer.  Could someone from the
metasploit legal/dev team please comment on allowing Luciano to pull
MSF 3.2 sources into Debian given the new BSD license?  Please advise.
 Thanks!
-- 
Kristian Erik Hermansen
http://kristian-hermansen.blogspot.com






Bug#323420: Metasploit 3.2 will have new BSD license

2008-10-10 Thread Kristian Erik Hermansen
Please be advised that inclusion of Metasploit 3.2 will be much easier
given the news that a BSD licensed release of Metasploit 3.2 will be
available soon!
http://www.metasploit.com/blog/#blog-0
-- 
Kristian Erik Hermansen
http://kristian-hermansen.blogspot.com






Bug#311505: xmlstarlet doesn't encode double quotes in XPath expressions

2008-09-02 Thread Kristian Erik Hermansen
This bug still seems present :-(
-- 
Kristian Erik Hermansen






Bug#361001: ITP: eiffelstudio -- Eiffel Development Framework (IDE and Compiler)

2008-01-15 Thread Kristian Erik Hermansen
Any progress made on getting Eiffel 6.1 GPL into Debian?
https://www2.eiffel.com/download/
-- 
Kristian Erik Hermansen
"Know something about everything and everything about something."


