[Bug 1084279] Re: buffer overflow crash in libgcrypt when open files > 1024

Launchpad Bug Tracker 1084279 at bugs.launchpad.net
Wed Nov 27 22:22:13 UTC 2013 

This bug was fixed in the package libgcrypt11 - 1.5.3-2ubuntu1

---------------
libgcrypt11 (1.5.3-2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - no-global-init-thread-callbacks.diff: Do not call global_init when
      setting thread callbacks

libgcrypt11 (1.5.3-2) unstable; urgency=low

  * Convert to dh and move building of ps and html docs to
    override_dh_auto_build-indep. Enable parallel building.

libgcrypt11 (1.5.3-1) unstable; urgency=high

  * New upstream bugfix release. (CVE-2013-4242)

libgcrypt11 (1.5.2-3) unstable; urgency=low

  * Install libgcrypt.a and libgcrypt.so to /usr.
  * [15_multiarchpath_in_-L.diff] Do not print -L/lib/i386-linux-gnu on
    "libgcrypt-config --libs".
  * Use debhelper v9 mode. This allows us to mark libgcrypt11-dbg Multi-Arch:
    same.

libgcrypt11 (1.5.2-2) unstable; urgency=low

  * Upload to unstable.
  * Fix vcs-field-not-canonical lintian error by refering to anonscm instead
    of svn.debian.org.
  * Update info in debian/copyright from upstream's README, fixing typo 'teh'.
  * Delete some outdated and unused code in debian/rules.

libgcrypt11 (1.5.2-1) experimental; urgency=low

  * New upstream version.
    + IDEA support added.
  * Move list of supported algorithms to a separate paragraph in description
    to decrease work-load of translators. Closes: #640261
  * Move TeX-packages from b-d to Build-Depends-Indep. (Thanks, P. J.
    McDermott) Closes: #682597

libgcrypt11 (1.5.1-1) experimental; urgency=low

  * Point watchfile to stable release.
  * New upstream version.
  * Drop superfluous patches:
    29_Fix-a-problem-with-select-and-high-fds.patch
    30_Avoid-dereferencing-pointer-right-after-the-end.patch
    31_Fix-segv-with-AES-NI-on-some-platforms.patch
    32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
  * Bump version gcry_control at GCRYPT_1.2 in debian/libgcrypt11.symbols from
    1.4.5 to 1.5.1 since its argument enum has a new member.

libgcrypt11 (1.5.0-5) unstable; urgency=low

  * While we are at it also pick
    29_Fix-a-problem-with-select-and-high-fds.patch
    LP: #1084279

libgcrypt11 (1.5.0-4) unstable; urgency=low

  * Pull patches from upstream LIBGCRYPT-1-5-BRANCH:
      30_Avoid-dereferencing-pointer-right-after-the-end.patch
      31_Fix-segv-with-AES-NI-on-some-platforms.patch
         <https://bugs.g10code.com/gnupg/issue1452> LP: #1105758
      32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
    Closes: #699034
 -- Seth Arnold <seth.arnold at canonical.com>   Wed, 27 Nov 2013 10:36:27 -0800

** Changed in: libgcrypt11 (Ubuntu)
       Status: Triaged => Fix Released

** Bug watch added: GnuPG Bugs #1452
   https://bugs.g10code.com/gnupg/issue1452

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4242

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgcrypt11 in Ubuntu.
https://bugs.launchpad.net/bugs/1084279

Title:
  buffer overflow crash in libgcrypt when open files > 1024

Status in “libgcrypt11” package in Ubuntu:
  Fix Released

Bug description:
  I am running JBoss with my open files set to > 1024 and when one of my
  Java classes tries to access the printers it talks to libcups which
  uses libgnutls which uses libgcrypt.  However, libgcrypt has some code
  that is calling FD_SET on a file descriptor but that gets reported as
  a buffer overflow because the file descriptor has a value of 1053
  which is greater than the FD_SETSIZE define of 1024.  This bug was
  fixed in libgcrypt in September 2011 but does not appear in the
  patched version of libgcrypt11 1.5.0 in Ubuntu 12.04.

  The git commit in libgcrypt that fixes the problem is
  061b11de60415e228f33599270d66aafe4b88d72 and can be viewed at:

  http://git.gnupg.org/cgi-
  bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=061b11de60415e228f33599270d66aafe4b88d72

  I submitted the crash (I think it's not entirely clear to me it did
  anything) using ubuntu-bug which I guess went to the whoopsie database
  or something.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libgcrypt11 1.5.0-3ubuntu0.1
  ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
  Uname: Linux 3.2.0-27-generic x86_64
  ApportVersion: 2.0.1-0ubuntu11
  Architecture: amd64
  Date: Wed Nov 28 17:57:12 2012
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
  MarkForUpload: True
  ProcEnviron:
   LANGUAGE=en_US:
   TERM=xterm-256color
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: libgcrypt11
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/1084279/+subscriptions

More information about the foundations-bugs mailing list