[Bug 824025] New: dosfslabel from dosfstools crashes with buffer overflow
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c0 Summary: dosfslabel from dosfstools crashes with buffer overflow Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: danielstefanmader@googlemail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0 Since 2010, the packaged version of dosfstools cannot be used to change the volume label of a VFAT filesystem (without reformatting) because the tool crashes with a buffer overflow. See also here: https://bugs.archlinux.org/task/34193 Please update to the latest version of dosfstools: http://daniel-baumann.ch/software/dosfstools/ Reproducible: Always Steps to Reproduce: 1. dosfslabel /dev/sdb1 ANAME -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c FeiXiang Zhang <fxzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |pgajdos@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c1 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |danielstefanmader@googlemai | |l.com --- Comment #1 from Petr Gajdos <pgajdos@suse.com> 2013-06-14 03:48:58 UTC --- It is done in factory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c2 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|danielstefanmader@googlemai |maintenance@opensuse.org |l.com | --- Comment #2 from Petr Gajdos <pgajdos@suse.com> 2013-06-14 03:49:56 UTC --- Will we do an update for 12.3? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c3 --- Comment #3 from Petr Gajdos <pgajdos@suse.com> 2013-06-14 04:44:31 UTC --- Ouch, it seems that this crash (we had more bug reports in the past) happens only if dosfstools is compiled with -O2 and right after mkdosfs. If label is created yet, no crash happens. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c4 --- Comment #4 from Petr Gajdos <pgajdos@suse.com> 2013-06-14 04:59:39 UTC --- I can confirm that 3.0.20 has a fix, while 3.0.16 doesn't. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c5 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |meissner@suse.com InfoProvider|maintenance@opensuse.org | --- Comment #5 from Marcus Meissner <meissner@suse.com> 2013-06-14 05:06:45 UTC --- just submit the fix, its good for an update. ( -D_FORTIFY_SOURCE=2 is only active in -O2 or higher) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c6 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |danielstefanmader@googlemai | |l.com --- Comment #6 from Petr Gajdos <pgajdos@suse.com> 2013-06-14 06:12:19 UTC --- Ah, ok. Daniel, could you please test package from http://download.opensuse.org/repositories/home:/pgajdos:/maintenance:/dosfst... ? Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c7 --- Comment #7 from Daniel Mader <danielstefanmader@googlemail.com> 2013-06-14 13:06:57 UTC --- Hi Petr and Marcus, thanks for this extraordinary quick fix! I can confirm that both packages work: dosfstools-3.0.10-22.3.1.x86_64.rpm dosfstools-3.0.10-26.4.1.x86_64.rpm -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c8 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|danielstefanmader@googlemai | |l.com | Resolution| |FIXED --- Comment #8 from Petr Gajdos <pgajdos@suse.com> 2013-06-17 04:27:44 UTC --- mr#179275 Daniel, thanks for reporting! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=824025 https://bugzilla.novell.com/show_bug.cgi?id=824025#c9 --- Comment #9 from Swamp Workflow Management <swamp@suse.de> 2013-06-24 04:04:33 UTC --- openSUSE-RU-2013:1069-1: An update that has one recommended fix can now be installed. Category: recommended (low) Bug References: 824025 CVE References: Sources used: openSUSE 12.3 (src): dosfstools-3.0.10-26.4.1 openSUSE 12.2 (src): dosfstools-3.0.10-22.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com