group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1771345] Re: lscpu possible crash in min/max frequency

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1771345@xxxxxxxxxxxxxxxxxx>
Date: Thu, 24 May 2018 16:05:34 -0000
Reply-to: Bug 1771345 <1771345@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package util-linux - 2.32-0.1ubuntu1

---------------
util-linux (2.32-0.1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Build hwclock with audit support.
    - Drop debian/hwclock.rules and hwclock.default, recent kernels sync the
      RTC automatically.
    - Add sulogin-fallback-static-sh.patch: Add support for /bin/static-sh as
      fallback if the regular shell fails to execute. Patch ported from
      sysvinit. (see LP #505887)
    - Add sulogin-lockedpwd.patch: Make sure file systems can be fixed on
      machines with locked root accounts (as Ubuntu does by default). Don't
      require --force for sulogin.
    - Drop the Breaks: cloud-utils, Ubuntu has a different cloud-utils
      packaging and this does not affect Ubuntu ≥ 16.04 any more.
    - Add debian/util-linux.maintscript to clean upstart jobs on upgrade. This
      needs to be kept until after 18.04 LTS.
    - Clean up weekly fstrim cron file, now a systemd timer unit.
    - Remove obsolete upstart job files on upgrade of rfkill.  This change
      can be dropped after Ubuntu 18.04.
    - Update s390-tools breaks/replaces, to the correct version for ubuntu.
    - Enable fstrim.timer by default.
  * Dropped changes, merged upstream:
    - Cherrypick upstream patches to add zones support to lsmem/chmem.
    - lscpu: Decode ARM CPUs (patch taken from 2.32)
  * Bugs fixed in new upstream release:
    - possible crash in min/max frequency (LP: #1771345)

util-linux (2.32-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  [ Ben Hutchings ]
  * debian/control: Remove mention of minimum kernel version for rfkill

  [ Laurent Bigonville ]
  * New upstream release.
    - Drop all the patches merged upstream
  * debian/libfdisk1.symbols: Add new exported symbols

util-linux (2.31.1-0.5) unstable; urgency=medium

  * Non-maintainer upload.

  [ Laurent Bigonville ]
  * debian/rules: Enable SMACK support for libmount
  * Enable audit support (Closes: #745771)

  [ Salvatore Bonaccorso ]
  * bash-completion: (umount) use findmnt, escape a space in paths.
    (CVE-2018-7738)
    Fixes "code execution in bash-completion for umount". (Closes: #892179)

util-linux (2.31.1-0.4ubuntu4) cosmic; urgency=medium

  * No-change rebuild for ncurses soname changes.

 -- Julian Andres Klode <juliank@xxxxxxxxxx>  Tue, 15 May 2018 15:45:21
+0200

** Changed in: util-linux (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7738

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1771345

Title:
  lscpu possible crash in min/max frequency

Status in util-linux package in Ubuntu:
  Fix Released
Status in util-linux source package in Xenial:
  Fix Committed
Status in util-linux source package in Artful:
  Fix Released
Status in util-linux source package in Bionic:
  Fix Released

Bug description:
  [Impact]
  lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU frequency arrays and can call atof() on them, leading to crashes. It seems that's what caused the verification to fail for bug 1732865. The following fixes have been committed upstream:

  from 2.30: https://github.com/karelzak/util-
  linux/commit/0145d84a381fc2fcd7d37e0dbf3d9dff69609ecd

  from 2.32: https://github.com/karelzak/util-
  linux/commit/95f09bc63c564c50ec2c393352801cc056faaea2

  I plan to backport them to xenial (both patches); and artful, bionic
  (second patch, they are > 2.30).

  [Regression potential]
  The worst possible regression is that lscpu would fail to correctly report min/max frequencies, but it seems unlikely, as we're only adding checks against null pointers / move an atof into a loop.

  [Test case]
  Extract attached segvtest.tar.gz and run lscpu -s segvtest and check that it does not crash (this removes min mhz file for cpu #0 for testing).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1771345/+subscriptions