| Summary: | nas new security issues CVE-2013-425[6-8] | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | davidwhodgins, oe, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/568669/ | | |
| Whiteboard: | MGA2TOO mga3-64-ok mga3-32-ok mga2-32-ok mga2-64-ok | | |
| Source RPM: | nas-1.9.3-2.mga3.src.rpmq | CVE: | |
| Status comment: | | | |

Description
David Walser
2013-09-27 20:10:19 CEST
David Walser
2013-09-27 20:10:28 CEST
Whiteboard:
(none) =>
MGA3TOO, MGA2TOO

Fixed packages have been submitted for all.

NOTE: CVE-2013-4258 was already fixed with the nas-1.9.2-fix-str-fmt.patch patch in mga2 -> cauldron.

CC:
(none) =>
oe

Thanks Oden!

Advisory:

========================

Updated nas packages fix security vulnerabilities:

Buffer overflow when parsing display number and various other buffer overflows (CVE-2013-4256).

Heap overflow when using AUDIOHOST environment variable (CVE-2013-4257).

Race when opening a TCP device (nas#289).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4256

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4257

http://sourceforge.net/p/nas/code/289/

https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117049.html

========================

Updated packages in core/updates_testing:

========================

```
nas-1.9.2-6.1.mga2
libnas2-1.9.2-6.1.mga2
libnas-devel-1.9.2-6.1.mga2
libnas-static-devel-1.9.2-6.1.mga2
nas-1.9.3-2.1.mga3
libnas2-1.9.3-2.1.mga3
libnas-devel-1.9.3-2.1.mga3
libnas-static-devel-1.9.3-2.1.mga3
```

from SRPMS:

```
nas-1.9.2-6.1.mga2.src.rpm
nas-1.9.3-2.1.mga3.src.rpm
```

Version:
Cauldron =>
3

Some basic info for testing:
http://radscan.com/nas/nas-README.txt

Additionally, someone should sync the systemd scripts with fedora to get rid of the sysv scripts.

Testing mga3 64

Before

------

I don't think this is working.

```
# service nasd start
Starting nasd (via systemctl): [ OK ]
# auinfo
auinfo: unable to connect to audio server
# auinfo -audio localhost
auinfo: unable to connect to audio server
# nasd -aa
Network Audio System Release 1.9.3
Network Audio System Release 1.9.3
Init: Output open(/dev/dsp) failed: No such file or directory
Fatal server error: could not create audio connection block info
```

Oops, I skipped a step and maybe shouldn't run it as root anyway :\

```
# service nasd start
Starting nasd (via systemctl): [ OK ]
$ export AUDIOSERVER="`hostname`:0"
```

It still fails though. Checked the hostname was correct..

```
$ echo $AUDIOSERVER
$ auinfo
auinfo: unable to connect to audio server
$ auinfo -audio "`hostname`:0"
auinfo: unable to connect to audio server
# service nasd stop
Stopping nasd (via systemctl): [ OK ]
$ nasd -aa
Network Audio System Release 1.9.3
Network Audio System Release 1.9.3
Error binding unix socket: /var/run/nasd/audio0 : Address already in use
Fatal server error: Cannot establish unix listening socket
```

A bit further..

```
$ export AUDIOSERVER="`hostname`:1"
$ nasd -d 3
Network Audio System Release 1.9.3
Network Audio System Release 1.9.3
AuInitPhysicalDevices();
Init: will close device when finished with stream.
Init: will keep mixer device open.
Init: Leaving the mixer device options alone at startup.
Init: openDevice OUT /dev/dsp mode 1
Init: Output open(/dev/dsp) failed: No such file or directory
Fatal server error: could not create audio connection block info
```

After installing ossp and rebooting there is now a /dev/dsp

Possibly missing a require or better default configuration. I'll create a new bug for it as this appears possibly remotely exploitable, although no PoCs

When started with -pn option it now starts.

```
$ auinfo -audio "`hostname`:0"
```

Shows stuff.

After

-----

Started the same way with -pn.

```
$ auinfo -audio "`hostname`:0"
```

Shows stuff.

```
$ audemo -audio "`hostname`:0"
```

Scans $HOME for files and eventually opens an X window with some sounds to play. When selected they do play Ok.

Testing complete mga3 64

Whiteboard:
MGA2TOO =>
MGA2TOO mga3-64-ok

Testing complete mga3 32

Whiteboard:
MGA2TOO mga3-64-ok =>
MGA2TOO mga3-64-ok mga3-32-ok

Can't get guest sound to work in Virtualbox to test mga2 :\

For sound in Mageia 2 under virtualbox, see
https://bugs.mageia.org/show_bug.cgi?id=5509#c12

CC:
(none) =>
davidwhodgins

Ahh great, thanks Dave, that did the trick.

Testing complete mga2 32

Whiteboard:
MGA2TOO mga3-64-ok mga3-32-ok =>
MGA2TOO mga3-64-ok mga3-32-ok mga2-32-ok

Having issues with this mga2 64, I can't seem to get beyond this..

```
$ nasd -d 3 -pn
Network Audio System Release 1.9.2
Network Audio System Release 1.9.2
Binding TCP socket: Address already in use
Cannot establish tcp listening socket
Error binding unix socket: /var/run/nasd/audio0 : No such file or directory
Cannot establish unix listening socket
Fatal server error: Cannot establish any listening sockets
```

ossp installed and system rebooted so /dev/dsp exists.

Mga2 32 was ok, both these mga2 are in vbox. Sometimes nasd causes the terminal to close, no errors reported in syslog.

I've run out of time today.

Testing mga2 64 again in vbox

Seems /dev/dsp was missing again, created when starting osspd service.

`nasd -d 3 -pn` still closes the terminal but opening it again and checking with `ps aux | grep nasd` shows it is still running.

Tested with audemo/auplay and found it played a wav file ok. I suspect issues with OSS.

Whiteboard:
MGA2TOO mga3-64-ok mga3-32-ok mga2-32-ok =>
MGA2TOO mga3-64-ok mga3-32-ok mga2-32-ok mga2-64-ok

Validating.

Advisory 11305.adv uploaded.

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!

Keywords:
(none) =>
validated_update

Update pushed:
http://advisories.mageia.org/MGASA-2013-0298.html

Status:
NEW =>
RESOLVED