Bug 3375 - tftp buffer overflow
: tftp buffer overflow
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Marathon
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-12-10 13:08 MSK by Denis Silakov
Modified: 2013-12-20 13:22 MSK (History)
3 users (show)

See Also:
RPM Package: tftp
ISO-related:
Bad POT generating:
Upstream:
alexander.petryakov: qa_verified+
danila.leontiev: secteam_verified+
alex.burmashev: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Denis Silakov 2013-12-10 13:08:48 MSK
tftp 127.0.0.1 -c get testfile
*** buffer overflow detected ***: tftp terminated
======= Backtrace: =========
/lib/i686/libc.so.6(__fortify_fail+0x45)[0xb768a775]
/lib/i686/libc.so.6(+0xe96c7)[0xb76886c7]
/lib/i686/libc.so.6(+0xe89fd)[0xb76879fd]

*** buffer overflow detected ***: tftp terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f2ec4dfe8e7]
/lib64/libc.so.6(+0xee8d0)[0x7f2ec4dfc8d0]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7f2ec4d2f14d]
Comment 1 Denis Silakov 2013-12-10 13:09:46 MSK
Advisory:

Updated tftp to version 5.1 that fixes several issues including buffer overflow.

Build lists:
https://abf.rosalinux.ru/build_lists/1487247
https://abf.rosalinux.ru/build_lists/1487235
Comment 2 Alexander Petryakov 2013-12-18 01:22:36 MSK
Container http://abf-downloads.rosalinux.ru/rosa2012lts/container/1487247/x86_64/main/ is empty
Comment 3 Denis Silakov 2013-12-18 11:14:31 MSK
Please use this one:

http://abf-downloads.rosalinux.ru/rosa2012lts/container/1490790/x86_64/main/release/
Comment 4 Denis Silakov 2013-12-18 12:13:05 MSK
Updated build lists - I have disabled postinstall scripts in the same way as in bug #3376. tftp server is now enabled by default in xinetd config, but you should restart xinetd manually to really start tftp server.

Advisory:

Updated tftp to version 5.1 that fixes several issues including buffer overflow.

Build lists:
https://abf.rosalinux.ru/build_lists/1490811
https://abf.rosalinux.ru/build_lists/1490810
Comment 5 Alexander Petryakov 2013-12-20 00:06:16 MSK
tftp-5.1-6
************** Advisory **************
Updated tftp to version 5.1 that fixes several issues including buffer overflow.
**************************************
QA Verified