[Bug 1441388] Re: numactl crashes with segfault
This bug was fixed in the package numactl - 2.0.9~rc5-1ubuntu3.14.10.1 --- numactl (2.0.9~rc5-1ubuntu3.14.10.1) utopic-proposed; urgency=medium * d/p/libnuma-ppc64el-cpu-number-not-contiguous - patch from Thierry FAUCK (LP: #1358835) * d/patches/from-git-6a7c2cf3-fix-uninitialised-mask.patch: Fix libnuma SEGV due to uninitialised mask. (LP: #1441388) * d/rules: include simple-patchsys.mk to get patches applied -- Serge Hallyn Thu, 21 May 2015 15:30:52 -0700 ** Changed in: numactl (Ubuntu Utopic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
This bug was fixed in the package numactl - 2.0.9~rc5-1ubuntu3.14.04.1 --- numactl (2.0.9~rc5-1ubuntu3.14.04.1) trusty-proposed; urgency=medium * d/p/libnuma-ppc64el-cpu-number-not-contiguous - patch from Thierry FAUCK (LP: #1358835) * d/patches/from-git-6a7c2cf3-fix-uninitialised-mask.patch: Fix libnuma SEGV due to uninitialised mask. (LP: #1441388) * d/rules: include simple-patchsys.mk to get patches applied -- Serge Hallyn Thu, 21 May 2015 15:43:11 -0700 ** Changed in: numactl (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
I have tested both the 14.04 and 14.10 packages [1], and they work great. Splendid work, Chris! -- [1] http://archive.ubuntu.com/ubuntu/pool/universe/n/numactl/numactl_2.0.9~rc5-1ubuntu3.14.04.1_amd64.deb http://archive.ubuntu.com/ubuntu/pool/universe/n/numactl/numactl_2.0.9~rc5-1ubuntu3.14.10.1_amd64.deb -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
Hello Daniel, or anyone else affected, Accepted numactl into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/numactl/2.0.9~rc5-1ubuntu3.14.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: numactl (Ubuntu Trusty) Status: New => Fix Committed ** Tags added: verification-needed ** Changed in: numactl (Ubuntu Utopic) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
** Also affects: numactl (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: numactl (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: numactl (Ubuntu) Importance: Undecided => High ** Changed in: numactl (Ubuntu Trusty) Importance: Undecided => High ** Changed in: numactl (Ubuntu Utopic) Importance: Undecided => High ** Description changed: + === + SRU Justification + Impact: program crashes, may be exploitable + Test case: "numactl --hardware" on a large system + Regression potential: this patch only makes sure that a bitmask is in bss to initialize to 0. + === numactl sometimes crashes when enumerating hardware: root@node1:~# numactl --hardware available: 648 nodes (0-647) Segmentation fault Further analysis shows that libnuma is using an uninitialised pointer, which value depends on program layout. When layout is sufficiently different, the pointer is non-NULL and the library parses the data pointed to as a bitmap, crashing. Therefore, it is possible to leverage this in an exploit. I have fixed the issue upstream: https://github.com/numactl/numactl/commit/6a7c2cf3f00e32082a1ada300cc585740e2b4bbd -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
The attachment "debdiff with upstream fix" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
I've attached the debdiff with the fix. ** Patch added: "debdiff with upstream fix" https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+attachment/4369005/+files/numactl_2.0.9%7Erc5-1ubuntu4.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
A CVE hasn't been assigned. Presumably an attacker could manipulate the environment before an application's libnuma call to have the uninitialised pointer point to information in memory they'd like to extract, or cause a denial. If an application that gained privileges (capabilities, setuid etc) uses libnuma, this may allow access to move privileged data. That said, probably it would only be libvirt: $ apt-cache rdepends libnuma1 libnuma1 Reverse Depends: libvirt0 libvirt-bin libhwloc5 libvirt0 libvirt-bin libnuma1:i386 libnuma1:i386 crafty rt-tests procenv numactl libhwloc5 libvirt0 libvirt-bin libnuma-dev libnuma-dbg irqbalance -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1441388] Re: numactl crashes with segfault
Do you know if a CVE has been assigned to this issue? I don't directly see how it could be used to cross privilege boundaries. Is there something I've missed? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs