Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading (NMU 1.6.0-19.1)

2010-10-18 Thread Julien Cristau
On Mon, Oct 18, 2010 at 14:46:03 +0300, Jari Aalto wrote:
> Removing the colon does not address this:
>
> (
> LD_LIBRARY_PATH="::"
> LD_LIBRARY_PATH="/usr/lib/debug${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
> echo $LD_LIBRARY_PATH
> )
>
That's not something that needs

Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading (NMU 1.6.0-19.1)

2010-10-18 Thread Jari Aalto
Julien Cristau writes: > On Mon, Oct 18, 2010 at 13:42:43 +0300, Jari Aalto wrote: > >> + * debian/vdrleaktest >> + - Remove extra colon from LD_LIBRARY_PATH and improve security >> + by cleaning LD_LIBRARY_PATH with new function Pathclean(). >> + (normal, security, reopened; Closes: #

Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading (NMU 1.6.0-19.1)

2010-10-18 Thread Julien Cristau
On Mon, Oct 18, 2010 at 13:42:43 +0300, Jari Aalto wrote: > + * debian/vdrleaktest > + - Remove extra colon from LD_LIBRARY_PATH and improve security > + by cleaning LD_LIBRARY_PATH with new function Pathclean(). > + (normal, security, reopened; Closes: #598308). > + That's not "improv

Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading (NMU 1.6.0-19.1)

2010-10-18 Thread Jari Aalto
> [julien] This patch is broken. There's a superfluous `:' after > /usr/lib/debug. > [jari] There is bigger problem with "::" New is new proposed NMU to address the security issue better. Jari diffstat for vdr_1.6.0-19 vdr_1.6.0-19.1 changelog | 11 ++- vdrleaktest | 15 ++

Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading

2010-10-18 Thread Jari Aalto
>> +LANG=C >> LD_LIBRARY_PATH="/usr/lib/debug:${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \ >> valgrind --tool=memcheck --leak-check=yes --num-callers=20 \ > > [julien] > This patch is broken. There's a superfluous `:' after /usr/lib/debug. And I noticed that there is a bigger problem lurking:
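
Review bot: In the `LD_LIBRARY_PATH=` assignment, the literal `:` after `/usr/lib/debug` duplicates the separator that `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` already supplies. The result is `/usr/lib/debug::<old value>` when the variable is set and `/usr/lib/debug:` with a trailing colon when it is unset or empty. Either form contains an empty element, which the dynamic loader interprets as the current working directory. Drop the literal colon so the separator comes only from the `:+:` expansion.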

Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading

2010-10-02 Thread Tobias Grimm
Julien Cristau wrote:
> LD_LIBRARY_PATH is colon-separated, though, not semicolon-separated, so
> LD_LIBRARY_PATH="/usr/lib/debug;$LD_LIBRARY_PATH" is broken, but not a
> security issue. Besides, this looks like a debugging utility so I don't
> think

Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading

2010-09-28 Thread Julien Cristau
On Tue, Sep 28, 2010 at 04:23:26 +, Raphael Geissert wrote:
> Package: vdr-dbg
> Version: 1.6.0-18
> Severity: grave
> Tags: security
> User: t...@security.debian.org
> Usertags: ldpath
>
> Hello,
>
> During a review of the Debian archive, I've found your package to
> contain a script that c

Bug#598308: vdr-dbg: CVE-2010-3387: insecure library loading

2010-09-27 Thread Raphael Geissert
Package: vdr-dbg
Version: 1.6.0-18
Severity: grave
Tags: security
User: t...@security.debian.org
Usertags: ldpath

Hello,

During a review of the Debian archive, I've found your package to contain a script that can be abused by an attacker to execute arbitrary code. The vulnerability is introduced