[Bug 1926379] Re: stack smashing attack detected in bash host tab completion

Steve Langasek 1926379 at bugs.launchpad.net
Mon Dec 13 06:03:02 UTC 2021


Hello Seth, or anyone else affected,

Accepted glibc into focal-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/glibc/2.31-0ubuntu9.4
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from
verification-needed-focal to verification-done-focal. If it does not fix
the bug for you, please add a comment stating that, and change the tag to
verification-failed-focal. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: glibc (Ubuntu Focal)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1926379

Title:
  stack smashing attack detected in bash host tab completion

Status in glibc package in Ubuntu:
  Confirmed
Status in glibc source package in Focal:
  Fix Committed

Bug description:
  Hello, this is a speculative bug report at best.

  In some long-lived bash terminals, tab completion of hostnames on ping
  or ssh commands is printing the glibc stack smashing attempt error
  message:

  $ ping goog*** stack smashing detected ***: terminated
  ^C
  $ ssh local*** stack smashing detected ***: terminated
  host ^C

  I installed the glibc update 2.31-0ubuntu9.3
  https://lists.ubuntu.com/archives/focal-changes/2021-April/024256.html
  earlier today. Shells started *after* this update work fine. Shells
  started before this update show this behaviour.

  $ cat /proc/$$/maps
  55f1986be000-55f1986eb000 r--p 00000000 00:1c 337406                     /usr/bin/bash
  55f1986eb000-55f19879c000 r-xp 0002d000 00:1c 337406                     /usr/bin/bash
  55f19879c000-55f1987d3000 r--p 000de000 00:1c 337406                     /usr/bin/bash
  55f1987d3000-55f1987d7000 r--p 00114000 00:1c 337406                     /usr/bin/bash
  55f1987d7000-55f1987e0000 rw-p 00118000 00:1c 337406                     /usr/bin/bash
  55f1987e0000-55f1987ea000 rw-p 00000000 00:00 0 
  55f19a673000-55f19b057000 rw-p 00000000 00:00 0                          [heap]
  7f29171e9000-7f29171ec000 r--p 00000000 00:1c 811498                     /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
  7f29171ec000-7f29171f3000 r-xp 00003000 00:1c 811498                     /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
  7f29171f3000-7f29171f5000 r--p 0000a000 00:1c 811498                     /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
  7f29171f5000-7f29171f6000 r--p 0000b000 00:1c 811498                     /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
  7f29171f6000-7f29171f7000 rw-p 0000c000 00:1c 811498                     /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
  7f29171f7000-7f29171fd000 rw-p 00000000 00:00 0 
  7f2917210000-7f2917553000 r--p 00000000 00:1c 813840                     /usr/lib/locale/locale-archive (deleted)
  7f2917553000-7f2917556000 rw-p 00000000 00:00 0 
  7f2917556000-7f291757b000 r--p 00000000 00:1c 811482                     /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
  7f291757b000-7f29176f3000 r-xp 00025000 00:1c 811482                     /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
  7f29176f3000-7f291773d000 r--p 0019d000 00:1c 811482                     /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
  7f291773d000-7f291773e000 ---p 001e7000 00:1c 811482                     /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
  7f291773e000-7f2917741000 r--p 001e7000 00:1c 811482                     /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
  7f2917741000-7f2917744000 rw-p 001ea000 00:1c 811482                     /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
  7f2917744000-7f2917748000 rw-p 00000000 00:00 0 
  7f2917748000-7f2917749000 r--p 00000000 00:1c 811484                     /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
  7f2917749000-7f291774b000 r-xp 00001000 00:1c 811484                     /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
  7f291774b000-7f291774c000 r--p 00003000 00:1c 811484                     /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
  7f291774c000-7f291774d000 r--p 00003000 00:1c 811484                     /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
  7f291774d000-7f291774e000 rw-p 00004000 00:1c 811484                     /usr/lib/x86_64-linux-gnu/libdl-2.31.so (deleted)
  7f291774e000-7f291775c000 r--p 00000000 00:1c 659440                     /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
  7f291775c000-7f291776b000 r-xp 0000e000 00:1c 659440                     /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
  7f291776b000-7f2917779000 r--p 0001d000 00:1c 659440                     /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
  7f2917779000-7f291777d000 r--p 0002a000 00:1c 659440                     /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
  7f291777d000-7f291777e000 rw-p 0002e000 00:1c 659440                     /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
  7f291777e000-7f2917780000 rw-p 00000000 00:00 0 
  7f291778c000-7f2917793000 r--s 00000000 00:1c 813296                     /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache (deleted)
  7f2917793000-7f2917794000 r--p 00000000 00:1c 811474                     /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
  7f2917794000-7f29177b7000 r-xp 00001000 00:1c 811474                     /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
  7f29177b7000-7f29177bf000 r--p 00024000 00:1c 811474                     /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
  7f29177c0000-7f29177c1000 r--p 0002c000 00:1c 811474                     /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
  7f29177c1000-7f29177c2000 rw-p 0002d000 00:1c 811474                     /usr/lib/x86_64-linux-gnu/ld-2.31.so (deleted)
  7f29177c2000-7f29177c3000 rw-p 00000000 00:00 0 
  7ffd864bb000-7ffd864dc000 rw-p 00000000 00:00 0                          [stack]
  7ffd865b4000-7ffd865b7000 r--p 00000000 00:00 0                          [vvar]
  7ffd865b7000-7ffd865b8000 r-xp 00000000 00:00 0                          [vdso]
  ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
  $ 

  
  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: libc6 2.31-0ubuntu9.3
  ProcVersionSignature: Ubuntu 5.4.0-71.79-generic 5.4.101
  Uname: Linux 5.4.0-71-generic x86_64
  NonfreeKernelModules: lkp_Ubuntu_5_4_0_71_79_generic_76 zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Tue Apr 27 23:30:08 2021
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: glibc
  UpgradeStatus: Upgraded to focal on 2020-01-24 (459 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1926379/+subscriptions
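
The maps listing in the bug description shows a shell that still executes the old libc, marked "(deleted)" after the package update. As an added example (not part of the bug report or of any Ubuntu tooling), the following finds processes in that state; the function names are this example's own and the sample lines are excerpted from the listing above with whitespace condensed.

```python
import re
from pathlib import Path

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$")
DELETED = " (deleted)"

def stale_libraries(maps_text):
    """Return sorted paths of shared objects mapped executable but unlinked on disk."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        perms, path = m.group("perms"), m.group("path")
        # Only executable mappings of replaced files matter here; data files
        # such as locale-archive are also unlinked on upgrade but are not code.
        if not path.endswith(DELETED) or "x" not in perms:
            continue
        path = path[: -len(DELETED)]
        if ".so" in Path(path).name:
            stale.add(path)
    return sorted(stale)

def scan_processes(proc_root="/proc"):
    """Map pid -> stale libraries for every process whose maps file is readable."""
    results = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            libs = stale_libraries((entry / "maps").read_text())
        except OSError:  # process exited, or we lack permission to read it
            continue
        if libs:
            results[int(entry.name)] = libs
    return results

# Sample input: lines excerpted from the /proc/$$/maps listing in the report.
SAMPLE = """\
7f29171ec000-7f29171f3000 r-xp 00003000 00:1c 811498 /usr/lib/x86_64-linux-gnu/libnss_files-2.31.so (deleted)
7f2917210000-7f2917553000 r--p 00000000 00:1c 813840 /usr/lib/locale/locale-archive (deleted)
7f291757b000-7f29176f3000 r-xp 00025000 00:1c 811482 /usr/lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f291775c000-7f291776b000 r-xp 0000e000 00:1c 659440 /usr/lib/x86_64-linux-gnu/libtinfo.so.6.2
7ffd864bb000-7ffd864dc000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_processes().items()):
        print(pid, ", ".join(libs))
```

Run as root to cover every process; each PID listed is still running pre-update library code and needs a restart to pick up the new package.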



