LinuxQuestions.org
Old 09-12-2013, 02:48 PM   #1
mancha
Member
 
Registered: Aug 2012
Posts: 279

Rep: Reputation: Disabled
[Slackware-current]: glibc 2.17; CVE-2013-4332


Pat:

Three integer overflow vulnerabilities were recently discovered in the glibc memory allocator functions pvalloc, valloc, and memalign, which can corrupt the heap. The issue was assigned CVE-2013-4332.

I've made available a backport patch for glibc 2.17 for your consideration.

To test this vulnerability you can run the PoC as below:

Pre-patch:
Code:
root@infinity:~# ./glibc-test ; echo $?
*** Error in `./glibc-test': free(): invalid next size (normal): 0x093a4008 ***
^C

Post-patch:
Code:
root@infinity:~# ./glibc-test ; echo $?
0

PoC:
Code:
/* gcc -o glibc-test glibc-test.c */

#include <stdlib.h>
#include <malloc.h>
#include <unistd.h>

int main(void)
{
  void *memptr;
  unsigned long pagesize = getpagesize();

  /* uncomment one at a time (pvalloc, valloc, or posix_memalign)  */
  pvalloc (-pagesize);
  //valloc (-pagesize);
  //posix_memalign(&memptr, pagesize, -pagesize);

  return 0;
}

--mancha

---
[1] http://seclists.org/oss-sec/2013/q3/597
[2] https://sourceware.org/git/?p=glibc....h=1159a193696a
[3] https://sourceware.org/git/?p=glibc....h=55e17aadc1ef
[4] https://sourceware.org/git/?p=glibc....h=b73ed247781d
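
The wraparound class behind this report, as an added example that is not part of the original post and is not glibc source: a page-aligned allocator that pads the caller's size before validating it ends up with a tiny padded size when handed the PoC's `-pagesize`. `CHUNK_OVERHEAD`, the padding expression and `guarded_page_alloc` are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L /* for posix_memalign and sysconf */
#endif
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical per-chunk bookkeeping overhead (constructed value). */
#define CHUNK_OVERHEAD ((size_t)32)

/* Unchecked padding: size_t arithmetic wraps modulo SIZE_MAX + 1. */
size_t padded_unchecked(size_t bytes, size_t alignment)
{
    return bytes + alignment + CHUNK_OVERHEAD;
}

/* Checked padding: returns false when the sum is not representable. */
bool padded_checked(size_t bytes, size_t alignment, size_t *out)
{
    if (alignment > SIZE_MAX - CHUNK_OVERHEAD)
        return false;
    if (bytes > SIZE_MAX - alignment - CHUNK_OVERHEAD)
        return false;
    *out = bytes + alignment + CHUNK_OVERHEAD;
    return true;
}

/* Hypothetical caller-side wrapper: reject the request before libc sees it. */
int guarded_page_alloc(void **out, size_t bytes)
{
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
    size_t padded;
    if (!padded_checked(bytes, pagesize, &padded))
        return ENOMEM;
    return posix_memalign(out, pagesize, bytes);
}

int main(void)
{
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
    size_t req = (size_t)0 - pagesize; /* same value the PoC passes */
    void *p = NULL;
    printf("padded=%zu rc=%d\n", padded_unchecked(req, pagesize),
           guarded_page_alloc(&p, req));
    return 0;
}
```

The comparison is written as `bytes > SIZE_MAX - alignment - CHUNK_OVERHEAD` so that the check itself cannot wrap.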
 
Old 09-12-2013, 05:48 PM   #2
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Rep: Reputation: 38
glibc 2.18 has the same problem (against my 2.18 multilib build).
 
Old 09-12-2013, 06:04 PM   #3
mancha
Member
 
Registered: Aug 2012
Posts: 279

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by number22
glibc 2.18 has the same problem (against my 2.18 multilib build).

The commits I referenced: [2], [3], and [4] should apply cleanly to glibc 2.18 once you remove the ChangeLog blobs.

--mancha
 
1 members found this post helpful.
Old 09-12-2013, 07:34 PM   #4
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Rep: Reputation: 38
Tried your patch with clean 2.17 glibc SlackBuild 64 bit (slackbuild and all slackware's patches), still have the problem.

Last edited by number22; 09-12-2013 at 07:36 PM.
 
Old 09-13-2013, 09:23 AM   #5
jon lee
Member
 
Registered: Jul 2013
Posts: 81

Rep: Reputation: Disabled
Is this why I'm seeing this bug:
Code:
bash-4.2$ firefox

(process:15933): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed

randomly from a few web sites?
 
Old 09-13-2013, 10:58 AM   #6
Ilgar
Member
 
Registered: Jan 2005
Location: Istanbul, Turkey
Distribution: Slackware 14.1, Slackware64 14.1
Posts: 917

Rep: Reputation: 87
Glib and glibc are different things. The former is a part of the Gtk+ toolkit that is also used by Firefox.
 
Old 09-14-2013, 07:47 AM   #7
mancha
Member
 
Registered: Aug 2012
Posts: 279

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by number22
Tried your patch with clean 2.17 glibc SlackBuild 64 bit (slackbuild and all slackware's patches), still have the problem.

Works perfectly fine for me on both Slackware-current and Slackware64-current.

--mancha

Last edited by mancha; 09-14-2013 at 07:57 AM.
 
Old 09-14-2013, 03:35 PM   #8
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 181
Blog Entries: 1

Rep: Reputation: 38
Quote:
Originally Posted by mancha View Post
Works perfectly fine for me on both Slackware-current and Slackware64-current.

--mancha

I used 3 patches from the links you provided and finally got all (pvalloc, valloc, posix_memalign) to work (2.17 and 2.18 multilibs). Anyway, thanks; I don't know why your patch didn't. And I tested on glibc 2.7 (Slackware 12.2); this problem occurred as well.

Last edited by number22; 09-14-2013 at 03:38 PM.
 
Old 09-18-2013, 10:21 AM   #9
mancha
Member
 
Registered: Aug 2012
Posts: 279

Original Poster
Rep: Reputation: Disabled
Great way to start one's day - a beta announcement!

Glad my CVE-2013-4332 backport works back to 2.9 (with offsets); I hadn't checked anything aside from -current though I guess I should have. Tagging this thread solved.

--mancha

PS Small typo in ChangeLog.txt and security announcement that might be worth fixing:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2013-4332" (extra 2013 slipped in)
 
Old 11-11-2013, 08:22 AM   #10
dchmelik
Member
 
Registered: Nov 2008
Location: Washington state, USA
Distribution: BSD, GNU/Linux (Slackware, etc.,) openSolaris
Posts: 194

Rep: Reputation: 21
On Slackware 14.1, I am having the exact same problem with Firefox, and perhaps other programs, but definitely similar results--segmentation faults--on many of the programs I use or used: Emacs, GIMP, Seamonkey, Thunderbird, image viewers, etc., and I had had the problem on SlackBuilds like Claws Mail, but I also did a new installation on my PC and laptop, without SlackBuilds, erased all my X/KDE configuration. Someone said it may be my RAM, however that is just several months old, and I did memtest86+ until it said '100%', with no errors (though it seemed like it had only got far into test #8 of 11 and was calling that '100%', but was still going--I thought it restarted). My installation ISO's md5sum was ok.
 
Old 11-11-2013, 02:36 PM   #11
mancha
Member
 
Registered: Aug 2012
Posts: 279

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by dchmelik View Post
On Slackware 14.1, I am having the exact same problem with Firefox, and perhaps other programs, but definitely similar results--segmentation faults--on many of the programs.

It's unclear to me how this has anything to do with this thread: glibc 2.17 & CVE-2013-4332.

--mancha
 
Old 11-11-2013, 02:42 PM   #12
GazL
Senior Member
 
Registered: May 2008
Posts: 3,318

Rep: Reputation: 881
It looks like he's latched onto post #5, but didn't read Ilgar's reply in post #6 saying that it wasn't relevant.
 
Old 11-11-2013, 03:08 PM   #13
jprzybylski
Member
 
Registered: Apr 2011
Location: Canada
Distribution: Slackware
Posts: 95

Rep: Reputation: 23
Quote:
Originally Posted by jon lee View Post
Is this why I'm seeing this bug:
Code:
bash-4.2$ firefox

(process:15933): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed

randomly from a few web sites?

For reference, that's this bug. It's a pretty critical error, but it also seems extremely rare for it to affect anything at all. And yes, it's a GLib error, not a glibc error, so it has nothing to do with this thread in particular.

Slackware 14.1 gets released, and within a week OpenSSH and glibc have vulnerabilities. Seems legit.
 
  

