[Bug 2069821] Update Released
Andreas Hasenack
2069821 at bugs.launchpad.net
Thu Sep 26 18:18:24 UTC 2024
The verification of the Stable Release Update for mdadm has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mdadm in Ubuntu.
https://bugs.launchpad.net/bugs/2069821
Title:
[VROC] [Ub 24.04] mdadm: buffer overflow detected
Status in mdadm package in Ubuntu:
Fix Released
Status in mdadm source package in Noble:
Fix Released
Status in mdadm source package in Oracular:
Fix Released
Bug description:
[ Impact ]
mdadm crashes sporadically with error *** buffer overflow detected ***
at some invokations:
- mdadm --detail-pl
- mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme1n1
*** buffer overflow detected ***: terminated
Aborted (core dumped)
[ Test Plan ]
- Install mdadm
- Issue this command several times:
mdadm --detail-pl
[ Where problems could occur ]
The fix is very small and basically it replaces the unsafe functions call
to sprintf by calling snprintf for Intel platforms (platform_intel.c)
I do not expect high regression risk.
[ Other Info ]
mdadm is built with FORTIFY_SOURCE=3 (as it is done in Ubuntu 24.04).
and it uses the unsafe function sprintf() that will cause the
buffer-overflow error
It is fixed in mdadm upstream:
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=827e1870f320545796d907f50af594e901399417
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/2069821/+subscriptions
More information about the foundations-bugs
mailing list