Add security fixes from upstream
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openwsman (Ubuntu) | Fix Released | Undecided | Unassigned | |
Trusty | Fix Released | Undecided | Kent Baxley | |
Utopic | Fix Released | Undecided | Unassigned | |
Bug Description
The upstream maintainer for openwsman has added in a bunch of security fixes after our security team conducted an audit of the code. There are still a few patches left to go, but I would like to go ahead and include what's already upstream into the 14.04 release:
ws_xml_
wsmc_create_
LocalSubscripti
Incorrect order of sanity guards in wsman_get_
Unchecked memory allocation in wsman_init_
Unchecked memory allocation in mem_double(), newptr
Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
Unchecked memory allocation in u_error_new(), *error
sighup_handler() in wsmand.c uses unsafe functions in a signal handler
Support SHA512 password encoding, use safe_cmp to prevent brute-force attacks
increase password upper limit to 128 characters (from 64)
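The item "sighup_handler() in wsmand.c uses unsafe functions in a signal handler" refers to a defect class where a handler calls functions that are not async-signal-safe (logging, stdio, allocation). The following is an added example of the usual safe pattern, not openwsman's code or the upstream patch; all function and variable names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not openwsman's code. */
static volatile sig_atomic_t reload_requested = 0;

/* Async-signal-safe handler: it only stores to a sig_atomic_t flag.
 * No printf/syslog/malloc here: they may take locks or touch state
 * that the interrupted code is in the middle of modifying. */
static void on_sighup(int signo)
{
    (void)signo;
    reload_requested = 1;
}

/* Install the handler with sigaction; returns 0 on success, -1 on error. */
int install_sighup_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sighup;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGHUP, &sa, NULL);
}

/* Called from the main loop, in normal context, where logging is safe.
 * Returns 1 if a reload was pending (and consumes it), otherwise 0. */
int consume_reload_request(void)
{
    if (!reload_requested)
        return 0;
    reload_requested = 0;
    fprintf(stderr, "SIGHUP received, reloading configuration\n");
    return 1;
}

int main(void)
{
    if (install_sighup_handler() != 0)
        return 1;
    raise(SIGHUP); /* constructed trigger for the demonstration */
    return consume_reload_request() ? 0 : 1;
}
```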
Related branches
- Jamie Strandboge: Approve
Diff: 607 lines (+539/-0), 13 files modified
debian/changelog (+30/-0)
debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch (+74/-0)
debian/patches/SHA512-password-fixes.patch (+82/-0)
debian/patches/increase-password-upper-limit.patch (+20/-0)
debian/patches/mem-allocation-dictionary-new-fix.patch (+58/-0)
debian/patches/mem-allocation-mem-double-newptr-fix.patch (+37/-0)
debian/patches/mem-allocation-u-error-new-fix.patch (+22/-0)
debian/patches/mem-allocation-wsman-init-plugins-fix.patch (+52/-0)
debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch (+19/-0)
debian/patches/series (+11/-0)
debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch (+29/-0)
debian/patches/wsman-get-fault-status-sanity-guard-fix.patch (+64/-0)
debian/patches/wsmc-create-request-fix-buff-overflow.patch (+41/-0)
information type: Private Security → Public Security
description: updated
Kent, thanks for taking on this task; your debdiff currently has all the .pc/ files from having quilt patches applied, which complicates reviewing the debdiff. Can you regenerate it with the quilt patches popped?
To issue a security update for this, we should have CVEs for any of these patches that may be security issues; do you know if Klaus has CVE numbers already assigned or not? If not, I can ask for CVEs on oss-security. (I'm hoping Klaus has, because perhaps some of these are simple bug fixes.)
Thanks