Bug 3376 - tftp buffer overflow
: tftp buffer overflow
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-12-10 13:10 MSK by Denis Silakov
Modified: 2013-12-20 11:53 MSK (History)
4 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
alexander.petryakov: qa_verified+
danila.leontiev: secteam_verified+
alex.burmashev: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Denis Silakov 2013-12-10 13:10:25 MSK
tftp in Desktop Fresh suffers from the same issue as in Marathon (bug #3375).
Comment 1 Denis Silakov 2013-12-10 13:11:09 MSK
Advisory:

Updated tftp to version 5.1 that fixes several issues including buffer overflow.

Build lists:
https://abf.rosalinux.ru/build_lists/1487250
https://abf.rosalinux.ru/build_lists/1487237
Comment 2 Alexander Petryakov 2013-12-18 00:23:37 MSK
In during install there is error:
 
Подготовка...                    ###################################################################################################################
      1/2: tftp-server           ###################################################################################################################
Failed to issue method call: Unit tftp.service failed to load: No such file or directory. See system logs and 'systemctl status tftp.service' for details.
error: %post(tftp-server-5.1-5.i586) scriptlet failed, exit status 6

#systemctl status tftp.service
tftp.service
   Loaded: error (Reason: No such file or directory)
   Active: inactive (dead)
Comment 3 Vladimir Potapov 2013-12-18 06:28:50 MSK
The update set up to my system without erorors. But one container is empty.
Comment 5 Denis Silakov 2013-12-18 11:25:36 MSK
Hm, wait a little, Alexander really discovered an issue with post scripts. Our tftp server is managed by xinetd, so there is no need to run %_post_service scriptlets.

Btw, Alexander, to start tftp-server, you should first edit /etc/xinetd.d/tftp file and change "disable" flag to "no". Then you should restart xinetd:

# systemctl restart xinetd

Then you can get some statistics about xinetd services by running 

# systemctl status xinetd
Comment 6 Denis Silakov 2013-12-18 12:12:19 MSK
Updated build lists - I have disabled postinstall scripts. tftp server is now enabled by default in xinetd config, but you should restart xinetd manually ("systemctl restart xinetd") to really start tftp server. I think we should not  restart xinetd automatically in postinstall scirpts, since there can be other services running by xinetd and we can break some ongoing processes. 

Advisory:

Updated tftp to version 5.1 that fixes several issues including buffer overflow.

Build lists:
https://abf.rosalinux.ru/build_lists/1490809
https://abf.rosalinux.ru/build_lists/1490808
Comment 7 Alexander Petryakov 2013-12-19 01:09:38 MSK
tftp-5.1-6
************** Advisory **************
Updated tftp to version 5.1 that fixes several issues including buffer overflow.
**************************************
QA Verified