[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
This bug was fixed in the package whoopsie - 0.2.71 --- whoopsie (0.2.71) groovy; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560) - lib/bson/*: updated to latest upstream release. - CVE-2020-12135 * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982) - src/whoopsie.c, src/tests/test_parse_report.c: properly handle GHashTable. - CVE-2020-11937 * SECURITY UPDATE: DoS via large data length (LP: #1882180) - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit the size of a report file. - CVE-2020-15570 -- Brian Murray Wed, 05 Aug 2020 15:00:45 -0700 ** Changed in: whoopsie (Ubuntu Groovy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
** Tags removed: rls-ff-incoming ** Changed in: whoopsie (Ubuntu Eoan) Status: Confirmed => Won't Fix ** Changed in: whoopsie (Ubuntu Groovy) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
This bug was fixed in the package whoopsie - 0.2.62ubuntu0.5 --- whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560) - lib/bson/*: updated to latest upstream release. - CVE-2020-12135 * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982) - src/whoopsie.c, src/tests/test_parse_report.c: properly handle GHashTable. - CVE-2020-11937 * SECURITY UPDATE: DoS via large data length (LP: #1882180) - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit the size of a report file. - CVE-2020-15570 -- Marc Deslauriers Fri, 24 Jul 2020 08:55:26 -0400 ** Changed in: whoopsie (Ubuntu Bionic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
This bug was fixed in the package whoopsie - 0.2.52.5ubuntu0.5 --- whoopsie (0.2.52.5ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560) - lib/bson/*: updated to latest upstream release. - CVE-2020-12135 * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982) - src/whoopsie.c, src/tests/test_parse_report.c: properly handle GHashTable. - CVE-2020-11937 * SECURITY UPDATE: DoS via large data length (LP: #1882180) - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit the size of a report file. - CVE-2020-15570 -- Marc Deslauriers Fri, 24 Jul 2020 08:55:26 -0400 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
This bug was fixed in the package whoopsie - 0.2.69ubuntu0.1 --- whoopsie (0.2.69ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560) - lib/bson/*: updated to latest upstream release. - CVE-2020-12135 * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982) - src/whoopsie.c, src/tests/test_parse_report.c: properly handle GHashTable. - CVE-2020-11937 * SECURITY UPDATE: DoS via large data length (LP: #1882180) - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit the size of a report file. - CVE-2020-15570 -- Marc Deslauriers Fri, 24 Jul 2020 08:55:26 -0400 ** Changed in: whoopsie (Ubuntu Focal) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11937 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15570 ** Changed in: whoopsie (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
** Also affects: whoopsie (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: whoopsie (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: whoopsie (Ubuntu Groovy) Importance: High Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Also affects: whoopsie (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: whoopsie (Ubuntu Eoan) Importance: Undecided Status: New ** Changed in: whoopsie (Ubuntu Xenial) Status: New => Confirmed ** Changed in: whoopsie (Ubuntu Bionic) Status: New => Confirmed ** Changed in: whoopsie (Ubuntu Eoan) Status: New => Confirmed ** Changed in: whoopsie (Ubuntu Focal) Status: New => Confirmed ** Changed in: whoopsie (Ubuntu Xenial) Importance: Undecided => High ** Changed in: whoopsie (Ubuntu Bionic) Importance: Undecided => High ** Changed in: whoopsie (Ubuntu Eoan) Importance: Undecided => High ** Changed in: whoopsie (Ubuntu Focal) Importance: Undecided => High ** Changed in: whoopsie (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: whoopsie (Ubuntu Bionic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: whoopsie (Ubuntu Eoan) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: whoopsie (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
https://github.com/sungjungk/apport-vuln -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
** Changed in: whoopsie (Ubuntu) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: whoopsie (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
** Changed in: whoopsie (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
I am utilizing the 8GB of RAM and pre-compiled version of Ubuntu 18.04. Could you tell me how much ram do you have in that machine? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
I still can't reproduce this issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
Sure. This issue is also reproducible with pre-compiled version of 0.2.62ubuntu0.4. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
Sorry, I meant "Are you able to reproduce the issue with the pre- compiled version of Whoopsie that comes with it?" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
Thanks for the video, but I still can't reproduce the issue. What version of Ubuntu are you running in the video? How much ram do you have in that machine? Are you able to reproduce the issue with the pre-compiled version of Ubuntu that comes with it? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
Thank you for your reply. Please check the following video. https://youtu.be/pGfOzcgd5CU It also affects on whoopsie 0.2.69. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
Hi, What release did you use to reproduce this? I tried reproducing it in Ubuntu 18.04 LTS, but whoopsie parses the file without segfaulting. I tried both $ python -c "print('A' * 0x + ' : ' + 'B')" > /var/crash/fake.crash and $ python -c "print('A' * 0xFFFE + ' : ' + 'B')" > /var/crash/fake.crash Could you give a bit more details on how to reproduce this? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
** Changed in: whoopsie (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
Use CVE-2020-12135. Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12135 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
Hi, Thanks for reporting this issue. We are currently investigating it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
It looks like bson.c in whoopsie was originally taken from here: https://github.com/10gen-archive/mongo-c-driver-legacy/tree/master/src The upstream repo has seen a lot of security fixes since the code was copied, perhaps we should investigate re-syncing it before attempting to fix it ourselves. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
** Changed in: whoopsie (Ubuntu) Importance: Undecided => High ** Tags added: rls-ff-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872560] Re: integer overflow in whoopsie 0.2.69
** Summary changed: - heap-based buffer overflow in bson.c + integer overflow in whoopsie 0.2.69 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872560 Title: integer overflow in whoopsie 0.2.69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs