group.of.nepali.translators team mailing list archive
Message #34891
[Bug 1865032] Re: [UBUNTU] zipl/libc: Fix potential buffer overflow in printf
This bug was fixed in the package s390-tools - 2.12.0-0ubuntu3

---------------
s390-tools (2.12.0-0ubuntu3) focal; urgency=medium

  * Update patch series to master tip:
    - PVM / genprotimg LP: #1834534, FFe LP: #1866866
    - zipl/libc: Fix potential buffer overflow LP: #1865032
    - zipl: Fix secureboot documentation LP: #1864654
    - Many other smaller bugfixes

 -- Dimitri John Ledkov <xnox@xxxxxxxxxx>  Fri, 20 Mar 2020 12:08:13 +0000

** Changed in: s390-tools (Ubuntu Focal)
       Status: New => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1865032
Title:
  [UBUNTU] zipl/libc: Fix potential buffer overflow in printf

Status in Ubuntu on IBM z Systems:
  Triaged
Status in s390-tools package in Ubuntu:
  Fix Released
Status in s390-tools source package in Xenial:
  New
Status in s390-tools source package in Bionic:
  New
Status in s390-tools source package in Eoan:
  New
Status in s390-tools source package in Focal:
  Fix Released

Bug description:
  Description: zipl/libc: Fix potential buffer overflow in printf

  Symptom: Crash of the zipl boot loader during boot.

  Problem: The zipl boot loaders have their own minimalistic libc
  implementation. In it printf and sprintf use vsprintf for string
  formatting. Per definition vsprintf assumes that the buffer it
  writes to is large enough to contain the formatted string and
  performs no size checks. This is problematic for the boot
  loaders because the buffers they use are often allocated on the
  stack. Thus even small changes to the string format can
  potentially cause buffer overflows on the stack.

  Solution: Implement vsnprintf and make use of it.

  Reproduction: Use printf to print a string with >81 characters
  (exact number depends on the stack layout/compiler used).

  Upstream commit(s) for s390-tools:
  6fe9e6c55c69c14971dca55551009f5060418aae
  8874b908254c47c8a6fd7a1aca2c7371c11035c4
  f7430027b41d5ad6220e962a179c2a5213330a44
  36fed0e6c6590631c4ce1707c8fe3c3397bcce4d

  Problem was introduced with version 1.24. Therefore these patches
  need to be applied to all distros in service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1865032/+subscriptions
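
The size check that the bug description says vsprintf lacks, sketched as an added example; this is not the s390-tools code or the upstream patch. The names mini_vsnprintf, mini_snprintf and put are hypothetical, and only %s, %u and %% are handled.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

/* Store c only while room remains (one byte is reserved for NUL); always count it. */
static void put(char *buf, size_t size, size_t *len, char c)
{
	if (*len + 1 < size)
		buf[*len] = c;
	(*len)++;
}

/* Bounded formatter for %s, %u and %%; returns the untruncated length. */
int mini_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
	size_t len = 0;
	for (; *fmt; fmt++) {
		if (*fmt == '%' && fmt[1] == 's') {
			const char *s = va_arg(ap, const char *);
			while (*s)
				put(buf, size, &len, *s++);
			fmt++;
		} else if (*fmt == '%' && fmt[1] == 'u') {
			char tmp[10];	/* digits of a 32-bit unsigned, reversed */
			unsigned int v = va_arg(ap, unsigned int);
			int i = 0;
			do { tmp[i++] = '0' + v % 10; v /= 10; } while (v);
			while (i)
				put(buf, size, &len, tmp[--i]);
			fmt++;
		} else {
			put(buf, size, &len, *fmt);	/* literal character */
			if (*fmt == '%' && fmt[1] == '%') fmt++;
		}
	}
	if (size)	/* always terminate inside the buffer */
		buf[len < size ? len : size - 1] = '\0';
	return (int)len;
}

int mini_snprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap; int n;
	va_start(ap, fmt);
	n = mini_vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	return n;
}
```

A return value greater than or equal to the buffer size tells the caller that the output was truncated, so an over-long message is cut short instead of overwriting the stack frame.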