[Secure-testing-team] Bug#619857: erlang: Urgent warning to upgrade to R14B02

Michael Gebetsroither michael at mgeb.org
Sun Mar 27 19:33:58 UTC 2011


Package: erlang
Version: 1:14.b.1-dfsg-1
Severity: critical
Tags: security
Justification: causes serious data loss


Hi Sergei,

There are numerous bugs in R14A, R14B, R14B01 which are all fixed in R14B02,
including some nasty bugs in the (de)serialization of erlang terms which
might have security implications, and silent data-corruption bugs within the erlang VM.
Even silent data-corruption bugs in parts of the erlang system for
external data, so it might be possible that users already suffer from great
data-loss without actually knowing! (hope no user stored rc4 encrypted
data with the erlang vm from debian stable)

Ejabberd even disapproves of the use of R14A and R14B due to bugs. [1]

Most bugs listed below range from silent data corruption to possible
remote exploitation to erlang vm crash, so clearly bugs which should be fixed in squeeze.

Just a small overview of bugs:
crypto:
   - multiple memory leaks OTP-8810
   - rc4 not working correctly (silent data corruption) OTP-8781
erl_interface:
   - ei: prevent overflow in ei_connect_init and ei_xconnect OTP-8814
   - erl_call: fix multiple buffer overflows OTP-8827
   - Check the length of the node name to prevent an overflow OTP-8943
   - erl_term_len() in erl_interface could return wrong length OTP-8945
erts:
   - error with list_to_float("1.0e-324") in some VMs OTP-7178
   - Fix faulty 64-bit integer term output from drivers (crash or silent data corruption) OTP-8716
   - gen_udp:connect/3 was broken for SCTP enabled builds. OTP-8729
   - Removed some potential vulnerabilities from epmd OTP-8780
   - wrong return code for http sockets {ok,{http_error,String}} OTP-8831
   - Multiple buffer overflows have been prevented OTP-8892
   - The ERTS internal rwlock implementation could get into an inconsistent state OTP-8925
   - Some malformed distribution messages could cause VM to crash OTP-8993
   - A bug in the exit/2 BIF could potentially cause an emulator crash OTP-9005
   - Potential emulator crash when deleting an ETS-table OTP-8999
   - Attempting to create binaries exceeding 2Gb (using for example term_to_binary/1) would crash the emulator OTP-9117
hipe:
   - Fix bug in the simplification of inexact comparisons OTP-9101
kernel:
   - inet:getsockopt for SCTP sctp_default_send_param, random answers OTP-8795
stdlib:
   - race condition/silent data corruption in dets OTP-8898

Changelogs:
http://www.erlang.org/download/otp_src_R14B.readme
http://www.erlang.org/download/otp_src_R14B01.readme
http://www.erlang.org/download/otp_src_R14B02.readme

[1]: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.6

michael

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.36-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages erlang depends on:
ii  erlang-appmon            1:14.b.1-dfsg-1 Erlang/OTP application monitor
ii  erlang-asn1              1:14.b.1-dfsg-1 Erlang/OTP modules for ASN.1 suppo
ii  erlang-base              1:14.b.1-dfsg-1 Erlang/OTP virtual machine and bas
ii  erlang-common-test       1:14.b.1-dfsg-1 Erlang/OTP application for automat
ii  erlang-corba             1:14.b.1-dfsg-1 Erlang/OTP applications for CORBA 
ii  erlang-crypto            1:14.b.1-dfsg-1 Erlang/OTP cryptographic modules
ii  erlang-debugger          1:14.b.1-dfsg-1 Erlang/OTP application for debuggi
ii  erlang-dev               1:14.b.1-dfsg-1 Erlang/OTP development libraries a
ii  erlang-dialyzer          1:14.b.1-dfsg-1 Erlang/OTP discrepancy analyzer ap
ii  erlang-docbuilder        1:14.b.1-dfsg-1 Erlang/OTP application for buildin
ii  erlang-edoc              1:14.b.1-dfsg-1 Erlang/OTP module for generating d
ii  erlang-erl-docgen        1:14.b.1-dfsg-1 Erlang/OTP documentation styleshee
ii  erlang-et                1:14.b.1-dfsg-1 Erlang/OTP event tracer applicatio
ii  erlang-eunit             1:14.b.1-dfsg-1 Erlang/OTP module for unit testing
ii  erlang-gs                1:14.b.1-dfsg-1 Erlang/OTP graphics system
ii  erlang-ic                1:14.b.1-dfsg-1 Erlang/OTP IDL compiler
ii  erlang-inets             1:14.b.1-dfsg-1 Erlang/OTP Internet clients and se
ii  erlang-inviso            1:14.b.1-dfsg-1 Erlang/OTP trace tool
ii  erlang-megaco            1:14.b.1-dfsg-1 Erlang/OTP implementation of Megac
ii  erlang-mnesia            1:14.b.1-dfsg-1 Erlang/OTP distributed relational/
ii  erlang-observer          1:14.b.1-dfsg-1 Erlang/OTP application for investi
ii  erlang-odbc              1:14.b.1-dfsg-1 Erlang/OTP interface to SQL databa
ii  erlang-os-mon            1:14.b.1-dfsg-1 Erlang/OTP operating system monito
ii  erlang-parsetools        1:14.b.1-dfsg-1 Erlang/OTP parsing tools
ii  erlang-percept           1:14.b.1-dfsg-1 Erlang/OTP concurrency profiling t
ii  erlang-pman              1:14.b.1-dfsg-1 Erlang/OTP process manager
ii  erlang-public-key        1:14.b.1-dfsg-1 Erlang/OTP public key infrastructu
ii  erlang-reltool           1:14.b.1-dfsg-1 Erlang/OTP release management tool
ii  erlang-runtime-tools     1:14.b.1-dfsg-1 Erlang/OTP runtime tracing/debuggi
ii  erlang-snmp              1:14.b.1-dfsg-1 Erlang/OTP SNMP applications
ii  erlang-ssh               1:14.b.1-dfsg-1 Erlang/OTP implementation of SSH p
ii  erlang-ssl               1:14.b.1-dfsg-1 Erlang/OTP implementation of SSL
ii  erlang-syntax-tools      1:14.b.1-dfsg-1 Erlang/OTP modules for handling ab
ii  erlang-test-server       1:14.b.1-dfsg-1 Erlang/OTP server for automated ap
ii  erlang-toolbar           1:14.b.1-dfsg-1 Erlang/OTP graphical toolbar
ii  erlang-tools             1:14.b.1-dfsg-1 Erlang/OTP various tools
ii  erlang-tv                1:14.b.1-dfsg-1 Erlang/OTP table viewer
ii  erlang-typer             1:14.b.1-dfsg-1 Erlang/OTP code type annotator
ii  erlang-webtool           1:14.b.1-dfsg-1 Erlang/OTP helper for web-based to
ii  erlang-wx                1:14.b.1-dfsg-1 Erlang/OTP bindings to wxWidgets
ii  erlang-xmerl             1:14.b.1-dfsg-1 Erlang/OTP XML tools

Versions of packages erlang recommends:
pn  erlang-examples          <none>          (no description available)
pn  erlang-ic-java           <none>          (no description available)
pn  erlang-jinterface        <none>          (no description available)
pn  erlang-mode              <none>          (no description available)
ii  erlang-src               1:14.b.1-dfsg-1 Erlang/OTP applications sources

Versions of packages erlang suggests:
pn  erlang-doc               <none>          (no description available)
ii  erlang-manpages          1:13.b.4-dfsg-4 Erlang/OTP manual pages

-- no debconf information