Just confirmed on precise 12.04
root@testing:/home/ubuntu# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION=Ubuntu 12.04.2 LTS
root@testing:/home/ubuntu# dpkg -l | grep liblockfile
ii liblockfile-bin 1.09-3
can't understand how this can get urgency=low if this can actually
prevent systems from getting updates. imho this should be critical
...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1011477
** Branch linked: lp:ubuntu/raring-proposed/liblockfile
Title:
cron-apt buffer overflow with high pid numbers
This bug was fixed in the package liblockfile - 1.09-5ubuntu1
---
liblockfile (1.09-5ubuntu1) raring; urgency=low
* debian/patches/fix-buffer-overflows.patch: Fix buffer overflows when
building strings
- Protect against overflows caused by long hostnames (LP: #941968)
-
I've attached a debdiff containing a fix for this bug in bug #941968
** Description changed:
on our system (Ubuntu-Server 10.04) we set sysctl -w kernel.pid_max =
4194304. When the pid counter is high, currently 300, then
cron-apt terminates with a buffer overflow message:
-
** Changed in: liblockfile (Ubuntu)
Importance: Undecided => Medium
** Changed in: liblockfile (Ubuntu)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: liblockfile (Ubuntu)
Status: New => In Progress
** Attachment added: strace -f of the cron-apt call
https://bugs.launchpad.net/bugs/1011477/+attachment/3184606/+files/cron-apt.strace-f
** Package changed: cron-apt (Ubuntu) => liblockfile (Ubuntu)
the following patch on liblockfile's lockfile.c fixes the issue:
--- a/lockfile.c
+++ b/lockfile.c
@@ -175,7 +175,7 @@ int lockfile_create(const char *lockfile, int retries, int
flags)
struct stat st, st1;
char*tmplock;
charsysname[256];
-
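Review bot: whatever size the changed line after the `sysname[256]` declaration in lockfile_create() sets, it should be computed from what is written into the buffer rather than from a fixed margin. The changed line is cut off in this message, so the new value cannot be checked here, but a literal chosen for today's PIDs fails again when kernel.pid_max is raised or the hostname is long. Suggest deriving the length from strlen(lockfile), sizeof(sysname) and the widest int, and building the string with snprintf() while checking its return value.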
The question is where does the magic '32' come from.
sizeof(sysname) is 256...