| Summary: | flightgear new format string vulnerability | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, lists.jjorge, sysadmin-bugs |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/552175/ | | |
| Whiteboard: | MGA2TOO mga3-32-ok MGA3-64-OK MGA2-64-OK MGA2-32-OK | | |
| Source RPM: | flightgear-2.10.0-1.mga3.src.rpm | CVE: | |
| Status comment: | | | |
Description

David Walser
2013-05-29 22:57:05 CEST

David Walser
2013-05-29 22:57:12 CEST
Whiteboard: (none) => MGA3TOO, MGA2TOO

I have uploaded a patched/updated package for Mageia 2 and 3. As the patch is simply copied from Fedora, and I have found no exploit for it, I suggest to only ensure FlightGear still works by launching it with fgfs. Be careful, as it needs at least 2GB RAM and a good 3D video card.

Suggested advisory:
========================

Updated flightgear packages fix security vulnerabilities:

It was reported [1] that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet command-line arguments). If a remote attacker were able to connect to FlightGear and set special parameters related to clouds, it could cause FlightGear to crash.

References:
http://lwn.net/Vulnerabilities/552175/
http://pkgs.fedoraproject.org/cgit/FlightGear.git/commit/?id=0c3bbb0f10bb7f313d3ae627b6fbcccfbbc224c3
========================

Updated packages in core/updates_testing:
========================
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Source RPMs:
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Status: NEW => ASSIGNED

José Jorge
2013-06-02 22:08:15 CEST
Assignee: lists.jjorge => qa-bugs

Thanks José! The FlightGear blog post has an exploit. Just tweaking the advisory a bit (removing [1], adding line endings, and fixing references).

Suggested advisory:
========================

Updated flightgear package fixes security vulnerability:

It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet command-line arguments). If a remote attacker were able to connect to FlightGear and set special parameters related to clouds, it could cause FlightGear to crash.

References:
http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html
========================

Updated packages in core/updates_testing:
========================
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Source RPMs:
MGA3
flightgear-2.10.0-1.1.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Version: Cauldron => 3

David Walser
2013-06-02 22:13:40 CEST
CC: (none) => lists.jjorge

Sorry, the following package cannot be selected:
- flightgear-2.10.0-1.1.mga3.x86_64 (due to unsatisfied flightgear-base[== 2.10.0-1.1.mga3])

$ rpm -qa | grep flightgear
flightgear-2.10.0-1.mga3
flightgear-data-2.10.0-1.mga3

Indeed, line 27 in this change is incorrect:
http://svnweb.mageia.org/packages/cauldron/flightgear/current/SPECS/flightgear.spec?r1=389214&r2=399096

You can't require %{version}-%{release} if it's coming from a different SRPM (flightgear-base is provided by flightgear-data). You should just require %{version} at most. Is there a specific reason it's using flightgear-base instead of flightgear-data for the require? That just seems pointless and confusing.

Looking at the svnweb link, it seems it also changes the rpm group to Games/Other from Games/Simulation.

(In reply to claire robinson from comment #5)
> Looking at the svnweb link, it seems it also changes the rpm group to
> Games/Other from Games/Simulation

Oh yes, this category did not exist in our rpm groups policy at the time. I bring it back. So this is now subrel 3; 1 and 2 are to be removed.

flightgear-2.10.0-1.3.mga3

Thanks José. Updating the subrel in the packages.

Suggested advisory:
========================

Updated flightgear package fixes security vulnerability:

It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet command-line arguments). If a remote attacker were able to connect to FlightGear and set special parameters related to clouds, it could cause FlightGear to crash.

References:
http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html
========================

Updated packages in core/updates_testing:
========================
MGA3
flightgear-2.10.0-1.3.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Source RPMs:
MGA3
flightgear-2.10.0-1.3.mga3
MGA2
flightgear-2.6.0-2.3.mga2

Testing completed mga3 32. Just followed the in-game tutorial a bit.

Whiteboard: MGA2TOO => MGA2TOO mga3-32-ok

Testing complete Mageia 3 x86_64, Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm flightgear-2.10.0-1.3.mga3 from Mageia 3 Core Updates Testing to Core Updates and the srpm flightgear-2.6.0-2.3.mga2 from Mageia 2 Core Updates Testing to Core Updates.

Advisory:

Updated flightgear package fixes security vulnerability:

It was reported that FlightGear suffers from improper handling of format strings when FlightGear is started with allowances for remote access (via the --props or --telnet command-line arguments). If a remote attacker were able to connect to FlightGear and set special parameters related to clouds, it could cause FlightGear to crash.

References:
http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106922.html
https://bugs.mageia.org/show_bug.cgi?id=10351

Keywords: (none) => validated_update

Packages have been pushed to updates.

Status: ASSIGNED => RESOLVED

Nicolas Vigier
2014-05-08 18:05:23 CEST
CC: boklm => (none)
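The advisory above names the bug class (a remotely supplied property value reaching a printf-family format argument) but not the code. The program below is an added illustration of that pattern and of the one-line fix; it is not FlightGear's code nor the Fedora patch, and fg_log(), the property path in the comments and the sample values are constructed stand-ins. The probe value only uses "%%", which is well defined for both paths, so the difference between the two renderings can be observed without triggering the undefined behaviour that "%x" or "%n" would.

```c
/* Added illustration of a format-string bug in a telnet/props property
 * setter and its fix. Hypothetical helper names; not FlightGear code. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper with printf semantics, like the SG_LOG-style
 * wrappers a simulator uses. It carries no format attribute, so the
 * compiler stays silent when a caller passes a non-literal format. */
static void fg_log(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: the remotely supplied value *is* the format string.
 * "%%" collapses to "%", "%s"/"%x" read stack slots, "%n" writes memory. */
static void log_cloud_value_vulnerable(char *out, size_t n, const char *value)
{
    fg_log(out, n, value);
}

/* FIXED pattern: the value is an argument to a constant format. */
static void log_cloud_value_fixed(char *out, size_t n, const char *value)
{
    fg_log(out, n, "%s", value);
}

/* Returns 1 if the vulnerable path renders the value differently from the
 * fixed path, i.e. the value was interpreted as a format. Only call this
 * with values whose sole directive is "%%", so the comparison is defined. */
int value_was_interpreted(const char *value)
{
    char a[256], b[256];
    log_cloud_value_vulnerable(a, sizeof a, value);
    log_cloud_value_fixed(b, sizeof b, value);
    return strcmp(a, b) != 0;
}

/* Defensive check a property handler could run before logging or storing a
 * remote value: any '%' not immediately followed by another '%' would be
 * consumed as a conversion directive if the value ever became a format. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* literal percent, harmless */
            s++;
            continue;
        }
        return 1;               /* %s, %x, %n, or a trailing lone % */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input: what a client might send after something
     * like "set /environment/clouds/layer[0]/coverage <value>" over telnet
     * (hypothetical property path). */
    const char *benign = "overcast";
    const char *probe  = "overcast%%";   /* safe probe that shows the difference */
    const char *attack = "%x%x%x%x%n";   /* only inspected, never used as a format */
    char buf[256];

    log_cloud_value_vulnerable(buf, sizeof buf, probe);
    printf("vulnerable renders %-12s as \"%s\"\n", probe, buf);
    log_cloud_value_fixed(buf, sizeof buf, probe);
    printf("fixed      renders %-12s as \"%s\"\n", probe, buf);
    printf("\"%s\" interpreted as format: %d\n", benign, value_was_interpreted(benign));
    printf("\"%s\" interpreted as format: %d\n", probe, value_was_interpreted(probe));
    printf("\"%s\" contains a directive: %d\n", attack, has_format_directive(attack));
    return 0;
}
```

The fix the advisory refers to is the shape of log_cloud_value_fixed(): keep the format constant and pass attacker-controlled text as an argument. Compiling with -Wformat -Wformat-security catches the vulnerable call only when the wrapper is declared with __attribute__((format(printf, 3, 4))); the has_format_directive() filter is a second line of defence for values that must be stored and may be formatted by code you do not control.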