[Bug 413278]

Sun Oct 24 10:03:23 UTC 2021

http://www.ремонты-квартир.com/
http://www.дизайн-квартиры.com/
http://www.о-ремонте.com/
http://www.о-заборах.com/
http://www.bsegypt.com/
http://www.buyingrealty.net/
http://www.khersonnews.com/
http://www.kontrolstroy.info/
http://www.sama-mama.com/
http://www.secretovnet.org/
http://www.teleriko.com/
http://www.us-best-store.com/
http://www.віктор.com/
http://www.accord-hotel.ru/
http://releazer.ru/
http://www.a-n-e-k-d-o-t.ru/
http://www.adhan.ru/
https://www.al-aures.ru/
http://www.apriori-design.ru/
https://artdoski.ru/
http://www.bombusmod.net.ru/
http://www.canadianahealthandcaremallreviews.ru/
http://www.celestiaproject.ru/
http://www.cryptogu.ru/
http://www.downloadskypefree.ru/
http://www.encyclopedia-flowers.ru/
http://www.factura.net.ru/
https://freewizards.ru/
https://futurefactory.ru/
http://glina-med.ru/
https://google-dmoz.ru/
https://iix.su/
http://www.imperia51.ru/
http://www.info-tehnologii.ru/
http://www.kvartira-v-bolgarii.ru/
http://ljubi-i-pozdravljaj.ru/
http://www.majesticarticles.ru/
http://www.onlinecredit247.ru/
http://www.orfey.net.ru/
http://www.pgpk.net.ru/
http://www.rainbow.net.ru/
https://www.rainbowbaby.ru/
https://www.respublika-okon.ru/
http://ribku-lovim.ru/
https://rusorchestra.ru/
https://shmoscow.ru/
http://www.skifspb.ru/
http://www.spare.net.ru/
http://www.stranainform.ru/
http://www.taxi-smile.ru/
http://www.tkanishik.ru/
https://www.tremulous.net.ru/
http://trust-women.ru/
https://uralbel.ru/
http://www.yar-art-union.ru/
http://www.xn----7sbcngq4awkg0k.xn--p1ai/
http://www.xn----7sbbmgbytlh3a0ll.xn--p1ai/
http://www.xn--35-mlcuxidl.xn--p1ai/
http://www.xn--f1addf1alkk1d.xn--p1ai/
http://www.history-of-great-discoveries.com/
http://www.it-business-trends.com
http://www.interesting-history-of-art.com
http://www.interesting-news-about-cars.com
http://www.architecture-and-design-news.com
https://ремонты-квартир.com/
https://дизайн-квартиры.com/
https://о-ремонте.com/
https://о-заборах.com/
https://bsegypt.com/
https://buyingrealty.net/
https://khersonnews.com/
https://kontrolstroy.info/
https://sama-mama.com/
https://secretovnet.org/
https://teleriko.com/
https://us-best-store.com/
https://віктор.com/
https://accord-hotel.ru/
https://www.releazer.ru/
https://a-n-e-k-d-o-t.ru/
https://adhan.ru/
http://al-aures.ru/
https://apriori-design.ru/
http://www.artdoski.ru/
https://bombusmod.net.ru/
https://canadianahealthandcaremallreviews.ru/
https://celestiaproject.ru/
https://cryptogu.ru/
https://downloadskypefree.ru/
https://encyclopedia-flowers.ru/
https://factura.net.ru/
http://www.freewizards.ru/
http://www.futurefactory.ru/
https://www.glina-med.ru/
http://www.google-dmoz.ru/
http://www.iix.su/
https://imperia51.ru/
https://info-tehnologii.ru/
https://kvartira-v-bolgarii.ru/
https://www.ljubi-i-pozdravljaj.ru/
https://majesticarticles.ru/
https://onlinecredit247.ru/
https://orfey.net.ru/
https://pgpk.net.ru/
https://rainbow.net.ru/
http://rainbowbaby.ru/
http://respublika-okon.ru/
https://www.ribku-lovim.ru/
http://www.rusorchestra.ru/
http://www.shmoscow.ru/
https://skifspb.ru/
https://spare.net.ru/
https://stranainform.ru/
https://taxi-smile.ru/
https://tkanishik.ru/
http://tremulous.net.ru/
https://www.trust-women.ru/
http://www.uralbel.ru/
https://yar-art-union.ru/
https://xn----7sbcngq4awkg0k.xn--p1ai/
https://xn----7sbbmgbytlh3a0ll.xn--p1ai/
https://xn--35-mlcuxidl.xn--p1ai/
https://xn--f1addf1alkk1d.xn--p1ai/
https://history-of-great-discoveries.com/
https://it-business-trends.com
https://interesting-history-of-art.com
https://interesting-news-about-cars.com
https://architecture-and-design-news.com

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/413278

Title:
  stack protector guard value does not lead with a NULL byte

Status in GLibC:
  Fix Released
Status in eglibc package in Ubuntu:
  Fix Released
Status in glibc package in Ubuntu:
  Invalid
Status in eglibc source package in Jaunty:
  Invalid
Status in glibc source package in Jaunty:
  Fix Released
Status in eglibc source package in Karmic:
  Fix Released
Status in glibc source package in Karmic:
  Invalid

Bug description:
  IMPACT: stack protections are weakened due to strcpy function being able to write the stack guard (since it does not start with a zero byte).
  ADDRESSED: correctly implement leading zero, as done in Karmic.
  DISCUSSION: regression potential is low, since the patch is isolated and well tested.

  TEST CASE:
  $ bzr branch lp:~ubuntu-bugcontrol/qa-regression-testing/master qa-regression-testing
  $ cd qa-regression-testing/scripts
  $ ./test-glibc-security.py -v
  Build helper tools ... (9.10) ok
  glibc heap protection ... ok
  sprintf not pre-truncated with -D_FORTIFY_SOURCE=2 ... ok
  glibc pointer obfuscation ... ok
  Password hashes ...  (sha512) ok
  Stack guard exists ... ok
  Stack guard leads with zero byte ... FAIL
  Stack guard is randomized ... ok

  ======================================================================
  FAIL: Stack guard leads with zero byte
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-glibc-security.py", line 170, in test_81_stack_guard_leads_zero
      self.assertEqual(one.startswith('00 '), expected, one)
  AssertionError: 62 55 59 69 cd 20 39 80 

  ----------------------------------------------------------------------
  Ran 8 tests in 0.145s

  FAILED (failures=1)

  expected outcome: 0 failures.

  ProblemType: Bug
  Architecture: amd64
  Date: Thu Aug 13 13:59:02 2009
  Dependencies:
   findutils 4.4.2-1
   gcc-4.4-base 4.4.1-1ubuntu3
   libc6 2.10.1-0ubuntu6
   libgcc1 1:4.4.1-1ubuntu3
  DistroRelease: Ubuntu 9.10
  Package: libc6 2.10.1-0ubuntu6
  ProcEnviron:
   LANGUAGE=en_US.UTF-8
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcVersionSignature: Ubuntu 2.6.31-5.24-generic
  SourcePackage: eglibc
  Uname: Linux 2.6.31-5-generic x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/glibc/+bug/413278/+subscriptions