| Summary: | socat new security issue CVE-2014-0019 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | rverschelde, stormi-mageia, sysadmin-bugs, tmb |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/585745/ | | |
| Whiteboard: | MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok advisory | | |
| Source RPM: | socat-2.0.0-0.b6.2.mga4.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2014-01-29 00:11:06 CET
David Walser
2014-01-29 00:11:17 CET
Whiteboard: (none) => MGA4TOO, MGA3TOO

Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated socat package fixes security vulnerability:

Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen, for example, in scripts that receive data from untrusted sources (CVE-2014-0019).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0019
http://openwall.com/lists/oss-security/2014/01/28/7
========================

Updated packages in core/updates_testing:
========================
socat-2.0.0-0.b7.1.mga3
socat-2.0.0-0.b7.1.mga4

from SRPMS:
socat-2.0.0-0.b7.1.mga3.src.rpm
socat-2.0.0-0.b7.1.mga4.src.rpm

Version: Cauldron => 4

Testing procedure in https://bugs.mageia.org/show_bug.cgi?id=5986#c4 and next comments.

CC: (none) => stormi

Testing complete mga3 64 with the procedure here https://bugs.mageia.org/show_bug.cgi?id=5986#c6

Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga3-64-ok

Testing complete mga3 32

Whiteboard: MGA3TOO has_procedure mga3-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok

Fedora has issued an advisory for this on January 30:
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html

URL: (none) => http://lwn.net/Vulnerabilities/585745/

Testing complete Mageia 4 i586.

I reproduce the security issue using the procedure linked in comment 0, thus I can confirm Mageia 4's package is vulnerable. The second command leads to a buffer overflow error. After applying the update, the result is:

[akien@localhost ~]$ socat - PROXY-CONNECT:localhost:$(perl -e "print 'A' x 384"):1,proxyport=8080
2014/02/14 22:24:03 socat[6310.3073042176] E _xioopen_proxy_connect(): PROXY CONNECT buffer too small

I suppose this means the update correctly fixes the issue, since the new error is not a buffer overflow.

Tested for regression using the procedure linked in comment 2.

CC: (none) => remi

Testing complete Mageia 4 x86_64.

--

Validating update, advisory uploaded.

Please push to 3 & 4 core/updates.

Keywords: (none) => validated_update

Update pushed:
http://advisories.mageia.org/MGASA-2014-0070.html

Status: NEW => RESOLVED
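
The kind of length check the advisory says was missing, as an added example (not socat's code and not part of the original bug report): the request line is assembled into a fixed stack buffer, and an oversized host name is rejected instead of overrunning it. `REQ_BUF_SIZE`, `build_connect_line`, `try_connect_line` and the exact request-line format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size for this example; not socat's actual buffer size. */
#define REQ_BUF_SIZE 256

/*
 * Assemble "CONNECT <host>:<port> HTTP/1.0\r\n" into out[outlen].
 * Returns the request length on success, -1 if it does not fit.
 * An unchecked sprintf() into the same fixed buffer is the bug class
 * the advisory describes: a long <host> writes past the end.
 */
int build_connect_line(char *out, size_t outlen,
                       const char *host, const char *port)
{
    int n;

    if (out == NULL || outlen == 0 || host == NULL || port == NULL)
        return -1;
    n = snprintf(out, outlen, "CONNECT %s:%s HTTP/1.0\r\n", host, port);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* never hand back a truncated request */
        return -1;
    }
    return n;
}

/* Caller with a fixed stack buffer, the layout at risk in the advisory. */
int try_connect_line(const char *host, const char *port)
{
    char req[REQ_BUF_SIZE];
    int n = build_connect_line(req, sizeof(req), host, port);

    if (n < 0) {
        fprintf(stderr, "PROXY CONNECT buffer too small\n");
        return -1;
    }
    return n;
}

int main(void)
{
    char longhost[385];          /* constructed input: 384 'A's */
    memset(longhost, 'A', 384);
    longhost[384] = '\0';
    printf("short: %d\n", try_connect_line("example.org", "80"));
    printf("long:  %d\n", try_connect_line(longhost, "1"));
    return 0;
}
```

The 384-character host mirrors the tester's input above; with the check in place the call fails cleanly rather than writing past `req`.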