Hi,

On Tue, Jun 27, 2017 at 10:13:25PM +0200, Salvatore Bonaccorso wrote:
> We issued a regression update:
>
> https://lists.debian.org/debian-security-announce/2017/msg00160.html
>
> To answer your question still, if you set the kernel parameter to
> stack_guard_gap=1 this would effectively revert the fix for
> CVE-2017-1000364.
>
> Hope this helps?

Apparently not on i386...

https://buildd.debian.org/status/fetch.php?pkg=libreoffice&arch=i386&ver=1%3A5.3.4-1&stamp=1498741441&raw=0:

[...]
[build CUT] dbaccess_RowSetClones
S=/<<PKGBUILDDIR>> && I=$S/instdir && W=$S/workdir && mkdir -p $W/CppunitTest/ && rm -fr $W/CppunitTest/dbaccess_RowSetClones.test.user && mkdir $W/CppunitTest/dbaccess_RowSetClones.test.user && rm -fr $W/CppunitTest/dbaccess_RowSetClones.test.core && mkdir $W/CppunitTest/dbaccess_RowSetClones.test.core && cd $W/CppunitTest/dbaccess_RowSetClones.test.core && ( LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}"$I/program:$I/program":$W/UnpackedTarball/cppunit/src/cppunit/.libs MALLOC_CHECK_=2 MALLOC_PERTURB_=153 $W/LinkTarget/Executable/cppunittester $W/LinkTarget/CppunitTest/libtest_dbaccess_RowSetClones.so --headless "-env:BRAND_BASE_DIR=file://$S/instdir" "-env:BRAND_SHARE_SUBDIR=share" "-env:UserInstallation=file://$W/CppunitTest/dbaccess_RowSetClones.test.user" "-env:CONFIGURATION_LAYERS=xcsxcu:file://$I/share/registry xcsxcu:file://$W/unittest/registry" "-env:UNO_TYPES=file://$I/program/types/offapi.rdb file://$I/program/types/oovbaapi.rdb file://$I/program/types.rdb" "-env:UNO_SERVICES=file://$W/Rdb/ure/services.rdb file://$W/ComponentTarget/basic/util/sb.component file://$W/ComponentTarget/comphelper/util/comphelp.component file://$W/ComponentTarget/configmgr/source/configmgr.component file://$W/ComponentTarget/connectivity/source/drivers/hsqldb/hsqldb.component file://$W/ComponentTarget/connectivity/source/drivers/jdbc/jdbc.component file://$W/ComponentTarget/connectivity/source/manager/sdbc2.component file://$W/ComponentTarget/dbaccess/util/dba.component file://$W/ComponentTarget/dbaccess/util/dbu.component file://$W/ComponentTarget/dbaccess/util/sdbt.component file://$W/ComponentTarget/dbaccess/source/filter/xml/dbaxml.component file://$W/ComponentTarget/filter/source/config/cache/filterconfig1.component file://$W/ComponentTarget/forms/util/frm.component 
file://$W/ComponentTarget/framework/util/fwk.component file://$W/ComponentTarget/i18npool/util/i18npool.component file://$W/ComponentTarget/linguistic/source/lng.component file://$W/ComponentTarget/oox/util/oox.component file://$W/ComponentTarget/package/source/xstor/xstor.component file://$W/ComponentTarget/package/util/package2.component file://$W/ComponentTarget/sax/source/expatwrap/expwrap.component file://$W/ComponentTarget/scripting/source/basprov/basprov.component file://$W/ComponentTarget/scripting/util/scriptframe.component file://$W/ComponentTarget/sfx2/util/sfx.component file://$W/ComponentTarget/sot/util/sot.component file://$W/ComponentTarget/svl/source/fsstor/fsstorage.component file://$W/ComponentTarget/svl/util/svl.component file://$W/ComponentTarget/toolkit/util/tk.component file://$W/ComponentTarget/ucb/source/core/ucb1.component file://$W/ComponentTarget/ucb/source/ucp/file/ucpfile1.component file://$W/ComponentTarget/ucb/source/ucp/tdoc/ucptdoc1.component file://$W/ComponentTarget/unotools/util/utl.component file://$W/ComponentTarget/unoxml/source/rdf/unordf.component file://$W/ComponentTarget/unoxml/source/service/unoxml.component file://$W/ComponentTarget/uui/util/uui.component file://$W/ComponentTarget/xmloff/util/xo.component" -env:URE_INTERNAL_LIB_DIR=file://$I/program -env:LO_LIB_DIR=file://$I/program -env:LO_JAVA_DIR=file://$I/program/classes --protector $W/LinkTarget/Library/unoexceptionprotector.so unoexceptionprotector --protector $W/LinkTarget/Library/unobootstrapprotector.so unobootstrapprotector --protector $W/LinkTarget/Library/libvclbootstrapprotector.so vclbootstrapprotector "-env:CPPUNITTESTTARGET=$W/CppunitTest/dbaccess_RowSetClones.test" > $W/CppunitTest/dbaccess_RowSetClones.test.log 2>&1 || ( RET=$?; $S/solenv/bin/gdb-core-bt.sh $W/LinkTarget/Executable/cppunittester $W/CppunitTest/dbaccess_RowSetClones.test.core $RET >> $W/CppunitTest/dbaccess_RowSetClones.test.log 2>&1; cat $W/CppunitTest/dbaccess_RowSetClones.test.log; 
$S/solenv/gbuild/platform/unittest-failed-default.sh Cppunit dbaccess_RowSetClones))
Segmentation fault (core dumped)

It looks like /<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester generated a core file at /<<PKGBUILDDIR>>/workdir/CppunitTest/dbaccess_RowSetClones.test.core/core

Backtraces:
[New LWP 9516]
[New LWP 9520]
[New LWP 9519]
[New LWP 9517]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Core was generated by `/<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppun'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0xead5a975 in _expand_stack_to(unsigned char*) () from /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so
                 ^^^^^^^^^^^^^^^^

Tests the internal db, so hsqldb, so uses Java.

Confirmed by bwh on IRC.

Regards,

Rene